The last few weeks, WordPress has been under many attacks. These have shown great planning as they attack not only plugins, but are capable of injecting vulnerable code that makes visited sites lead to others, which will trick visitors. In April, there was a wave of attacks exploiting weaknesses in the plugins WordPress sites rely on, but May is proving that this wave will only continue. Read all the details in this article.
Read: A Nerbian RAT is targeting entities in Italy, Spain and The U.K.
WordPress sites have been compromised
The hacked sites present malicious JavaScript code that generates a redirect when clicking on any link within the page. These sites are usually hoax pages or contaminated sites that only generate illegal traffic, which is used by cybercriminals for other activities.
“The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including legitimate core WordPress files,” Krasimir Konov, a malware analyst at Sucuri, the GoDaddy security firm, said in a report published last week.
The files that the malicious code infects are jquery.min.js and jquery-migrate.min.js, among others, which only cause the site’s JavaScript to respond with a redirection to the scam page that the cybercriminal wants. These sites can display anything from advertisements, phishing pages, and malware, to even trigger another set of redirects.
In other cases, the page users are redirected to shows a captcha that only ends up loading advertising that seems to come from the system itself, instead of being displayed by the browser. Of course, clicking on the advertising can have a number of consequences.
This series of attacks on WordPress sites is suspected to have started on May 9 and has hit 366 sites so far. During the month of April, the contaminated sites reached more than 6 thousand. In closing, Konov said: “It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts.”
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Justin Morgan on Unsplash.
Facebook: Eagle Tech Corp
Instagram: @eagletech_corp
Twitter: @eagletechcorp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp