if you google 'crypto php backdoor' you should be able to find the original report in pdf format from the fox it security website.

The report states that they found the backdoor in some joomla and wordpress plug-ins and themes and some drupal themes.

All of these were pirated themes passed on for free and they do indentify some of the websites in the report.

The important difference here is that most concrete5 themes and plug-ins come from the C5 curated marketplace which 'should' make it far more difficult to introduce malicious code.

Also the backdoor has to be specifically coded to the CMS and there was no mention of C5.

Take from this what you will, but the main issue seems to be people downloading plug ins for free that should be paid for and in the process getting 'a little extra'.

Hah, yeah if you just read it, you can take this message home: "Don't download pirated software"

Who knew pirated software might have virii and bugs?! :)

Download c5 from concrete5.org, and download the addons/themes from concrete5.org