Unsuspecting visitors are sometimes sent to a rogue redirect landing page with a bogus CAPTCHA check. When clicked, it feeds unwelcome adverts that appear to come from the operating system rather than a web browser. Since May 9, the campaign, which is a continuation of another wave discovered last month, has affected 322 websites. On the other side, the April attacks breached more than 6,500 domains.
According to Konov, attackers are exploiting several vulnerabilities in WordPress plugins and themes to get access to the website and insert malicious scripts. Hackers are anticipated to continue registering new ones for this continuous effort as soon as current domains are blacklisted.