Hi my name is Spox (Dila Belimi) and I like to steal from average people during a global pandemic.
A phishing kit targeting both the login information and also the API key for Vonage API users (previously Nexmo). The stolen API can then be used to send and receive SMS, or even calls, from a large selection of clean numbers.
A malicious PHP file is used to take down Wordfence plugin before it adjusts its own mtime timestamp.
A PHP backdoor that injects its payload into the default PHP error_log