Cybersecurity researchers have discovered a large-scale effort that injects malicious JavaScript code into hacked WordPress websites, redirecting users to scam pages and other malicious websites in order to generate fake traffic.
“The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including legitimate core WordPress files,” said Krasimir Konov, a malware analyst at Sucuri.
This entailed infecting files like jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that gets activated on every page load, allowing the cybercriminal to redirect website users to a particular address. According to the GoDaddy-owned website security business, the domains at the end of the redirect chain might be used to load ads, phishing sites, malware, or even trigger another series of redirects.
Unsuspecting visitors are sometimes sent to a rogue redirect landing page with a bogus CAPTCHA check. When clicked, it feeds unwelcome adverts that appear to come from the operating system rather than a web browser. Since May 9, the campaign, which is a continuation of another wave discovered last month, has affected 322 websites. On the other side, the April attacks breached more than 6,500 domains.
According to Konov, attackers are exploiting several vulnerabilities in WordPress plugins and themes to get access to the website and insert malicious scripts. Hackers are anticipated to continue registering new ones for this continuous effort as soon as current domains are blacklisted.
You may use any free remote website scanner to identify malware if you feel your website has been infected with malicious JavaScript or noticed unwanted redirection to spam or adverts on your site.
