“If you’ve visited a website in recent days and have been accidentally redirected to the same pages with schematic” resources “or unwanted ads, it’s likely that the site was 1) created using WordPress tools and 2) hacked,” he said. Gizmodo. Details are taken from this post in the blog of researchers Sucuri (security provider owned by GoDaddy):
As noted in our latest report on hacked websites, we are tracking a long-running campaign responsible for introducing malicious scripts to hacked WordPress websites. The company exploits known vulnerabilities in WordPress themes and plugins and has affected a huge number of websites over the year – for example, according to PublicWWW, the April wave of this campaign was the cause of only nearly 6,000 infected websites. Since these PublicWWW results show detection only for simple injection scenarios, we can assume that the volume is much larger.

We recently researched a number of WordPress websites that complain about unwanted redirects. Interestingly, they were associated with a new wave of this massive campaign and sent website visitors through a series of redirects to show them unwanted ads. All websites had a common problem – malicious JavaScript was introduced into the files of their website and into the database, including legitimate WordPress core files … This JavaScript was added under the current script or in the title of the page where it ran on each loading pages, redirecting site visitors to an attacker’s destination …. Domains at the end of the redirect chain can be used to load ads, phishing pages, malware and even more redirects.

At the time of writing, PublicWWW has reported 322 websites affected by this new wave … Given that this number does not include pervasive malware or sites that have not yet been scanned by PublicWWW, the actual number of websites affected is likely to be much higher. Our team has noticed an influx of complaints about this particular wave of mass campaigns targeting WordPress sites since May 9, 2022, which affected hundreds of websites at the time of writing …

We expect hackers to continue registering new domains for this permanent company as soon as existing ones are blacklisted.
“It’s important to note that these hacks are related to themes and plugins created by thousands of third-party developers using open source WordPress software, not WordPress.com, which offers hosting and tools for creating websites,” notes Gizmodo. But it also quotes this warning from Sucuri malware analyst Krassimir Konov:
“This page causes unsuspecting users to subscribe to push notifications from the malicious site. If they click on a fake CAPTCHA, they will be enabled to receive unwanted ads, even if the site is not open – and the ad will look as if it came from the operating system as well. not from the browser, ”Konov wrote.

Source by [author_name]

Previous articleSaturday, May 14, 2022 – Citizen
Next articleAn online admission to Gauteng schools will soon open in 2023 – SABC News