Cybersecurity researchers from Sucuri have found an unknown malware variant that infected thousands of WordPress websites.
The malware redirects visitors to a different website where ads from the Google Ads platform load. This makes money for the malware website's owners.
The Sucuri team found that an unknown threat actor had managed to compromise almost 11,000 WordPress-powered websites.
Redirected
WordPress is the world's most popular web hosting platform and is generally perceived as being secure. However, it also offers countless WordPress plugins, some of which carry high-severity vulnerabilities.
The researchers think that the threat actors used a vulnerability to deliver the malware. They don't know which vulnerability it was, but they're guessing that it was something that was already known and unpatched.
The malware works by redirecting people to a different website that loads ads from Google. This way, Google is tricked into paying the ad campaign owners for the views, which are actually fraudulent.
Sucuri has been tracking similar campaigns for a while now. In late November last year, we saw a campaign that infected around 15,000 WordPress sites. The difference between that campaign and the others we've seen is that the attackers didn't try to hide the malware in it. They installed more than 100 malicious files on each website.
This new campaign differs from the old one in a few ways. First, the attackers tried to hide the malware so it would not be found. Second, the malware was made more persistent so it would stay on the sites longer.
To keep yourself safe from website attacks, make sure to keep your website and all of its plugins up to date, and use a strong password and multi-factor authentication on your wp-admin panel. If you've already been infected, follow Sucuri's how-to guide to changing your passwords and protecting your website behind a firewall.