The name of the hack comes from the username of the admin account the hacker created in the WordPress database on compromised accounts.
The interesting part is that the hack they used worked on fully up to date, extension-free WordPress installs, meaning there was a severe security hole in WP's core.
People around the world were reporting this hack on different hosts too around the same time. WP themselves...they spent their time deleting people's complaints, closing hack reports as no issue found, and denying the hack exists despite the obvious evidence to the contrary.
just another reason to never use WordPress without proper security in place.
The way this hack works is that it exploits vulnerabilities in deprecated plugins or themes to gain access to the whole server.
If the server security are wide open a hacker will most likely be able to gain access to the whole server not just the site account.
The exploits presumes the hacker has uploaded an infected php file to your plugins/theme folders and executes the infected file to deploy code on the server.
