Thousands of WordPress websites have been hacked to redirect users to scam pages

WordPress

Cybersecurity researchers at Sucuri have discovered a massive JavaScript Injection Campaign against WordPress websites that redirects users to spam web pages. In this attack, malicious JavaScript code has been injected into several WordPress websites. This code redirects visitors to scam pages.

In this attack, legitimate JS files such as jquery.min.js and jquery-migrate.min.js were altered to inject malicious codes. Malicious codes have been injected into files and databases. Once the code has been injected, it starts redirecting visitors.

Attackers are targeting multiple vulnerabilities in plugins and themes to compromise websites and inject malicious scripts. If you also use WordPress, it is recommended to always keep themes and plugins updated. Attackers have also obfuscated their malicious JavaScript with CharCode to evade detection.

These redirects are used to load advertisements, phishing pages, malware, or even more redirects.

If your website is also redirecting users to random web pages, you can use remote website scanners like SiteCheck to scan and identify malware on your website.

It is not clear how many websites have been infected by this campaign, but PublicWWW estimates that the campaign was responsible for nearly 6,000 infected websites alone. PublicWWW only shows detections for simple script injections, the overall affected websites could be more.

Share this article
Shareable URL
Prev Post

Records of over 21 Million VPN Users leaked in a Telegram Group

Next Post

Realme narzo 50 Pro 5G and narzo 50 5G launching in India on May 18

Leave a Reply
Read next
Subscribe to our newsletter
Get notified of the best deals on our WordPress themes.
0
Share