Cybersecurity researchers at Sucuri have discovered a massive JavaScript Injection Campaign against WordPress websites that redirects users to spam web pages. In this attack, malicious JavaScript code has been injected into several WordPress websites. This code redirects visitors to scam pages.
In this attack, legitimate JS files such as jquery.min.js and jquery-migrate.min.js were altered to inject malicious codes. Malicious codes have been injected into files and databases. Once the code has been injected, it starts redirecting visitors.
Attackers are targeting multiple vulnerabilities in plugins and themes to compromise websites and inject malicious scripts. If you also use WordPress, it is recommended to always keep themes and plugins updated. Attackers have also obfuscated their malicious JavaScript with CharCode to evade detection.
These redirects are used to load advertisements, phishing pages, malware, or even more redirects.
If your website is also redirecting users to random web pages, you can use remote website scanners like SiteCheck to scan and identify malware on your website.
It is not clear how many websites have been infected by this campaign, but PublicWWW estimates that the campaign was responsible for nearly 6,000 infected websites alone. PublicWWW only shows detections for simple script injections, the overall affected websites could be more.
