Anatomy of a campaign to inject JavaScript into compromised WordPress sites

2022-05-13 04:09

A years-long campaign by miscreants to insert malicious JavaScript into vulnerable WordPress sites, so that visitors are redirected to scam websites, has been documented by reverse-engineers.

"The websites all shared a common issue - malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files," Konov wrote.

Essentially, miscreants are compromising websites, and then try to automatically inject their own malicious code into any.

WordPress powers about 43 percent of the websites on the internet, according to W3Techs, but that reach also makes it a popular target for bad actors.

About 90 percent of the requests they get for cleaning up a website were related to WordPress, with malicious redirects being the result of some of the most common malware infections, Sucuri said.

"As new vulnerabilities in WordPress plugins are discovered, we anticipate that they will be caught up in the massive ongoing redirect campaign sending unsuspecting victims to fraudulent websites and tech support scams," they wrote.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/13/wordpress-redirect-hack/

#javascript #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578