Security News > 2022 > May > Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites
2022-05-12 03:09

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic.

"The websites all shared a common issue - malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files," Krasimir Konov, a malware analyst at Sucuri, said in a report published Wednesday.

Js with obfuscated JavaScript that's activated on every page load, allowing the attacker to redirect the website visitors to a destination of their choice.

The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects.

The April set of attacks, on the other hand, has breached over 6,500 websites.

"It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts," Konov said.


News URL

https://thehackernews.com/2022/05/thousands-of-wordpress-sites-hacked-to.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157