Once after the infection it automatically redirect site visitors to third-party websites containing malicious content, scam pages, or commercial websites to generate illegitimate traffic.
Users were redirected to a landing page containing a CAPTCHA check in most of the attack. Upon clicking on the fake CAPTCHA, they’ll be opted in to receive unwanted ads even when the site isn’t open.
Researchers says, at least 322 websites were compromised as a result of this new wave of attacks and were observed redirecting visitors to the malicious website drakefollow[.]com.
Website admins could check if their websites have been compromised by using Sucuri’s free remote website scanner.
This report was published by Sucuri security research firm