WordPress sites injected with malicious JavaScript

Another cyberattack has been reported. A massive campaign has been reported by cybersecurity researchers. The campaign was responsible for injecting malicious JavaScript code into compromised WordPress websites. Malicious JavaScript redirects visitors to fraudulent pages or other malicious websites that create illegitimate traffic.

According to a malware analyst at Sucuri, Mr. Krasimir Konov, a common problem was shared by all websites; their website files and database, which includes legitimate WordPress core files, were infected with malicious JavaScript.

Files such as jquery.min.js and jquery-migrate.min.js with an obfuscated JavaScript hat enabled on every page load were infected. With the infection, the attacker would redirect the website visitor to the destination of their choice.

Domains at the end of the redirect chain due to malicious JavaScript, can easily redirect the chain and can be used to load advertisements, phishing pages, viruses or malware or even start a cycle of additional redirects, the GoDaddy-owned security company says the website.

This wave of cyberattacks appears to be a continuation of the wave that was detected last month. Since May 9, the cyberattack has affected approximately 322 websites. The April attack hit and hacked over 6,500 websites.

Due to malicious JavaScript, users are sometimes redirected to a page that is a fake CAPTCHA check. The unwanted malicious ads are disguised in the CAPTCHA check, and while the viewer clicks, the unwanted ads get their clicks while the viewer thinks it is a security check operated from the operating system.

Malware analyst Mr. Konov further added that these attacks target weak spots and vulnerabilities in WordPress. They compromise the website themes and plugins and the malicious scripts are injected.

Also Read: FBR Computer Systems Suffer Cyberattack

Comments are closed.