After multiple reports via the chat system. the support person claimed that this is false and everything was fine. Virustotal mirrors: Office malware dropper URL (blog.purevpn.com) https://virustotal.com/en/url/8cc65c5d2546e68db4ff2cb60f1ced82fd99d855661ee958835596404982a2f3/analysis/1460334073/ Office Macro dropper (.doc) https://virustotal.com/en/file/28de6eaf5f3c0ddcb0483432aae06969545e463332d785fcdd39aa54f28736e9/analysis/1460334077/ Dropped executable (Windows Password stealer Trojan) https://virustotal.com/en/file/52c5f6acdc76954ef2aff462f1f7c2b878e8eee21b820fda0a75d25a91b45779/analysis/1460334670/ Chat Transcript: Now, every project can be potentially hacked. Especially if you run an outdated WordPress blog. The important part is how do you deal with incidents when they occur. And here we have a perfect example of complete deniability and ignorance regarding the issue. You should be very careful if you downloaded any software from them in the past, or intend to do so in the future.