June 5, 2023

Researchers discovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content.

Once after the infection it automatically redirect site visitors to third-party websites containing malicious content, scam pages, or commercial websites to generate illegitimate traffic.

Advertisements

The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including legitimate core WordPress files, such as:

  • ./wp-includes/js/jquery/jquery.min.js
  • ./wp-includes/js/jquery/jquery-migrate.min.js“
WordPress deobfuscated-malicious-javascript

Users were redirected to a landing page containing a CAPTCHA check in most of the attack. Upon clicking on the fake CAPTCHA, they’ll be opted in to receive unwanted ads even when the site isn’t open.

Researchers says, at least 322 websites were compromised as a result of this new wave of attacks and were observed redirecting visitors to the malicious website drakefollow[.]com.

Advertisements

Website admins could check if their websites have been compromised by using Sucuri’s free remote website scanner.

This report was published by Sucuri security research firm

Tags:

Leave a Reply

You may have missed

BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
Gigabyte Motherboards Backdoor’ed

Gigabyte Motherboards Backdoor’ed

June 3, 2023
MOVEit Vulnerability Exploited in Wild

MOVEit Vulnerability Exploited in Wild

June 2, 2023
%d bloggers like this: