Fraudsters Hack Thousands of WordPress Sites and Redirect Visitors to Their Pages

Sucuri researchers have uncovered a massive campaign in which hackers inject malicious JavaScript code into thousands of compromised WordPress sites.

Resources infected in this way are then used to redirect users to fraudulent pages and various malicious sites. According to experts, a total of more than 6,600 sites have already been compromised.

Let me remind you that we also wrote that 1.2 million WordPress site owners were affected by the GoDaddy data breach.

Malicious code is injected into various files and databases of compromised sites and into core WordPress files, including ./wp-includes/js/jquery/jquery.min.js and ./wp-includes/js/jquery/jquery-migrate.min.js. Essentially, the attackers try to put their own malicious code into any .js file with jQuery in the name. To avoid detection and hide their activity, the hackers obfuscate the code with CharCode.
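A site owner can check for this pattern by scanning jQuery-named .js files for long character-code runs and decoding them for review. The sketch below is an added example, not code from Sucuri or from this article; it assumes the obfuscation takes the form of `String.fromCharCode(...)` calls with many numeric arguments, and the function names, the eight-number threshold and the sample tree (including the `injected.example` URL) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: obfuscated payloads appear as String.fromCharCode(n, n, ...) with
# at least 8 numeric arguments; short legitimate uses fall below the threshold.
CHARCODE_RE = re.compile(
    r"String\.fromCharCode\(\s*((?:\d{1,7}\s*,\s*){7,}\d{1,7})\s*\)")

def decode_charcode_runs(js_text):
    """Return the decoded string of every long String.fromCharCode(...) call."""
    decoded = []
    for match in CHARCODE_RE.finditer(js_text):
        codes = [int(n) for n in match.group(1).split(",")]
        # JavaScript reduces each argument to a 16-bit code unit.
        decoded.append("".join(chr(c & 0xFFFF) for c in codes))
    return decoded

def scan_site(root):
    """Scan .js files with 'jquery' in the name; map relative path -> decoded strings."""
    findings = {}
    for path in sorted(Path(root).rglob("*.js")):
        if "jquery" not in path.name.lower():
            continue
        hits = decode_charcode_runs(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def build_constructed_sample(root):
    """Constructed demo tree: one clean stub and one stub with an encoded marker."""
    jq = Path(root, "wp-includes", "js", "jquery")
    jq.mkdir(parents=True)
    (jq / "jquery.min.js").write_text(
        "/*! jQuery (stub) */ var a=String.fromCharCode(65);\n")
    marker = "https://injected.example/x.js"  # constructed placeholder, not a real IoC
    codes = ",".join(str(ord(ch)) for ch in marker)
    (jq / "jquery-migrate.min.js").write_text(
        "/*! jQuery Migrate (stub) */\nvar s=String.fromCharCode(%s);\n" % codes)
    return marker

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        marker = build_constructed_sample(tmp)
        return marker, scan_site(tmp)

if __name__ == "__main__":
    for rel_path, strings in demo()[1].items():
        print(rel_path, "->", strings)
```

A hit is a lead for manual review rather than proof of compromise; comparing the flagged file against the copy shipped with the installed WordPress release confirms whether it was modified.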


Typically, these redirects lead to phishing pages, malware downloads, banner ads, or even more redirects. For example, an injection on a hacked site creates a new script element with the legendtable[.]com domain as the source. This domain refers to a second external domain – local[.]drakefollow[.]com – which refers to another, thereby creating a chain through which the visitor passes until they are redirected to some malicious resource.

Before reaching the final landing page, some visitors are taken to a fake CAPTCHA page that tries to trick them into signing up for push notifications from a malicious site.

If a person clicks on a fake CAPTCHA, they will receive unwanted ads even if the site is not open, and the ads will look like they are coming from the operating system, not from the browser. These hidden push notification maneuvers are also associated with one of the most common “tech support” scams, in which a user is informed that their computer is infected with a virus or is too slow and that, in order to solve the problem, they should call the [hackers'] toll-free number, experts say.

The researchers say that to initially compromise WordPress sites, attackers use numerous vulnerabilities in WordPress plugins and themes, which are discovered regularly.
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
