The botnet is named WP-VCD and has been active since early 2017.ZDNet covered the botnet’s modus operandi in a previous and more expansive article in November 2019. To summarize, the WP-VCD gang runs a network of “free download” sites where they share pirated commercial WordPress themes.Unbeknownst to the users who download these pirated themes is that they hide a backdoor that allows the WP-VCD gang to hijack websites.
Source: WordPress botnet deploys anti-adblocker script to make sure its spammy ads are profitable | ZDNet