Over 2000 WordPress Sites Hacked to Propagate Scam Campaign
- The hacking campaign makes use of previously known vulnerabilities in WordPress plugins.
- Some of the vulnerable plugins exploited include the ‘CP Contact Form with PayPal’ and the ‘Simple Fields’.
More than 2000 WordPress sites have been hacked by cybercriminals for a scam campaign that redirects visitors to several scam sites.
What does the report say?
Discovered by researchers from Sucuri, the hacking campaign makes use of previously known vulnerabilities in WordPress plugins. Some of the vulnerable plugins exploited include the ‘CP Contact Form with PayPal’ and the ‘Simple Fields’.
- When exploited, the vulnerabilities allow the attackers to inject JavaScript that loads scripts from malicious domains like gotosecond2[.]com, adsformarket[.]com, admarketlocation[.]com, and admarketresearch[.]xyz.
- When a visitor accesses the hacked site, the injected script will attempt to access the /wp-admin/options-general.php and /wp-admin/theme-editor.php administrative URLs in the background. These URLs are further abused to inject scripts or change WordPress settings to redirect visitors to various scam pages containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads.
- However, in order to inject scripts, these URLs require administrative access.
- Apart from injecting malicious JavaScript, attackers have also been found to have created fake plugin directories that are used to upload further malware to the compromised sites. These have been created by abusing the /wp-admin/includes/plugin-install.php file.
- Once a user subscribes to the notifications by clicking on the ‘Allow’ button, they are redirected to other scam sites.
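For site owners checking their own pages, the following added example (not from the Sucuri report or the original article) audits rendered HTML for scripts that load from, or reference, the four domains listed above. The function and class names are hypothetical, and the sample page is constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the article, kept defanged here and refanged at run time.
DEFANGED = ["gotosecond2[.]com", "adsformarket[.]com",
            "admarketlocation[.]com", "admarketresearch[.]xyz"]
CAMPAIGN_DOMAINS = [d.replace("[.]", ".") for d in DEFANGED]

def host_matches(host):
    """True for a campaign domain or one of its subdomains, not a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

class ScriptAudit(HTMLParser):
    """Records external script URLs and inline scripts that reference the domains."""
    def __init__(self):
        super().__init__()
        self.findings = []          # (kind, evidence) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        # Protocol-relative URLs ("//host/x.js") need a scheme before parsing.
        url = "https:" + src if src.startswith("//") else src
        if host_matches(urlparse(url).hostname):
            self.findings.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline JavaScript can also load the remote script, so check script bodies
        # (plain substring match, so review inline hits by hand).
        if self._in_script:
            self.findings += [("inline", d) for d in CAMPAIGN_DOMAINS if d in data.lower()]

def audit_html(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; example.org, the lookalike host and all paths are made up.
SAMPLE = ('<script src="https://example.org/jquery.js"></script>'
          f'<script src="//cdn.{CAMPAIGN_DOMAINS[0]}/a.js"></script>'
          f'<script src="https://not{CAMPAIGN_DOMAINS[1]}/b.js"></script>'
          f"<script>s.src='https://{CAMPAIGN_DOMAINS[3]}/c.js';</script>")
```

Calling `audit_html(SAMPLE)` reports the protocol-relative subdomain script and the inline reference, and ignores both the benign script and the lookalike host.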
Conclusion
Website owners are urged to disable the modification of primary folders to block hackers from inserting malicious files. Meanwhile, experts claim that attackers will continue to register new domains or leverage existing unused domains to conduct such scam campaigns in the future.
Source: https://cyware.com/news/over-2000-wordpress-sites-hacked-to-propagate-scam-campaign-e94ef815