Thousands of WordPress sites have been infected by a mystery malware

Malware redirects WordPress traffic to a different site

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Thousands ofWordPresswebsites were infected with an unknown malware variant, cybersecurity researchers from Sucuri have found.

Themalwarewould redirect the visitors to a different website, where ads hosted on theGoogleAds platform would load, bringing in profits for the website’s owners.

The Sucuri team found an unknown threat actor managed to compromise almost 11,000 WordPress-powered websites.

Protecting your business from the biggest threats onlinePerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Redirected

WordPress is the world’s most popularweb hostingplatform, and is generally perceived as secure. However, it also offers countlessWordPress plugins, some of which carry high-severity vulnerabilities.

While the researchers could not pinpoint the exact vulnerability used to deliver this malware, they’re speculating that the threat actors automated the process and probably leveraged whatever known, unpatched flaws they could find.

The malware’s modus operandi is simple - when people visit the infected websites, they would get redirected to a different Q&A website which loaded ads located on Google Ads. That way, Google would essentially get tricked into paying the ad campaign owners for the views, unaware that the views are actually fraudulent.

Thousands of websites hijacked for posioned Google SEO campaign>Thousands of WordPress sites hacked in scam campaign>These are the best firewall software around

Sucuri has been tracking similar campaigns for months now. In late November last year, the researchers spotted a similar campaign that infected roughly 15,000 WordPress sites. The difference between these two campaigns is that in last year’s one - the attackers didn’t bother hiding the malware. In fact, they did the exact opposite, installing more than 100 malicious files per website,

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In the new campaign, however, the attackers went to great lengths to try and hide the existence of the malware, the researchers said. They also made the malware somewhat more resilient to counter-measures, remaining persistent on the sites for longer periods of time.

To protect against such attacks, the researchers said, it’s best to keep the website and all of the plugins up to date, and keep the wp-admin panel secure with a strong password and multi-factor authentication. Those that have already been infected can follow Sucuri’s how-to guide, should change all access point passwords, and place the website behind a firewall.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

This can’t get any better for Black Friday – LG’s B4 OLED TV drops to just $649.99