Hackers Redirect Users to Scam Sites from Thousands Of WordPress Sites


Cybersecurity experts have revealed a large campaign that injects malicious JavaScript code into compromised WordPress websites. The injected code redirects visitors to malicious sites and scam pages to generate illegitimate traffic.

“The websites all shared a common issue — malicious JavaScript had been injected within their website’s files and the database, including legitimate core WordPress files,” Krasimir Konov, a malware analyst at Sucuri, said in a report published Wednesday.

This involved infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that’s activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice.
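One way to catch this kind of tampering is to hash core files and compare them against a clean copy of the same WordPress release. The sketch below is an added example, not code from the Sucuri report; the file contents and the `extra.js` name are constructed placeholders.

```python
"""Compare a WordPress tree against a known-good copy of the same release."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file (core files are small enough to read whole)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(site_root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Return files that were modified, are missing, or are not in the baseline."""
    current = build_manifest(site_root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "unexpected": sorted(f for f in current if f not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a clean tree and a live copy with one tampered library."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        files = {  # placeholder contents, not real jQuery
            "wp-includes/js/jquery/jquery.min.js": b"/* jquery (constructed) */\n",
            "wp-includes/js/jquery/jquery-migrate.min.js": b"/* migrate (constructed) */\n",
        }
        for root in (clean, live):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        # Simulate an injection: bytes appended to a core library on the live site.
        with (live / "wp-includes/js/jquery/jquery.min.js").open("ab") as fh:
            fh.write(b"/* appended content (constructed) */\n")
        (live / "wp-includes/js/extra.js").write_bytes(b"// not in release\n")
        return audit(live, build_manifest(clean))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, scope the audit to `wp-admin` and `wp-includes`, since `wp-content` legitimately differs between installs. WP-CLI's `wp core verify-checksums` performs the same comparison against the official checksums, and neither check covers the database injections the report also mentions.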

The GoDaddy-owned security firm stated that domains located at the end of the redirect chain can be used to load ads, phishing webpages, or malware, or to trigger another set of redirects.

In some instances, unsuspecting users are taken to a rogue redirect landing page containing a fake CAPTCHA check, clicking which serves unwanted ads that are disguised to look as if they come from the operating system and not from a web browser.

The campaign — a continuation of another wave that was detected last month — is believed to have impacted 322 websites so far, starting May 9. The April set of attacks, on the other hand, has breached over 6,500 websites.

“It was discovered that attackers target multiple vulnerabilities in WordPress themes and plugins to compromise websites and inject malicious scripts,” Konov stated.

David
Hackarizona