Thousands of WordPress sites hacked in scam campaign

January 23, 2020

New research has revealed that over 2,000 WordPress sites have been hacked as part of a campaign to redirect visitors to a number of scam sites that contain unwanted notification subscriptions, fake surveys, giveaways and even fake Adobe Flash downloads.

The security firm Sucuri first discovered the hacking campaign when its researchers detected attackers exploiting vulnerabilities in WordPress plugins. According to the firm's Luke Leal, the CP Contact Form with PayPal and Simple Fields plugins are being exploited, but other plugins have most likely also been targeted.

When an attacker exploits one of these vulnerabilities, it allows them to inject JavaScript that loads scripts from the sites admarketlocation and gotosecond2 directly into a site's theme.

Once a visitor accesses a hacked site, the injected script will attempt to access two administrative URLs (/wp-admin/options-general.php and /wp-admin/theme-editor.php) in the background in order to inject further scripts or to change WordPress settings that will also redirect visitors. However, these URLs require administrative access, so they will only work if an administrator is accessing the site.

Scam pages

The attackers have written their scripts so that visitors without administrative privileges will be redirected through a series of sites that will eventually lead them to various scam pages. These pages then tell users that they must subscribe to browser notifications in order to proceed.


Clicking on the allow button to enable notifications then redirects visitors to other scam sites pushing fake surveys, tech support scams and fake Adobe Flash Player updates.

Sucuri also discovered that the attackers had created fake plugin directories that are used to upload further malware to the compromised sites. Leal provided further details on how the attackers created fake plugin directories in a blog post, saying:

“Another interesting find is the creation of fake plugin directories that contain further malware and can also be generated through the attacker’s abuse of /wp-admin/ options, specifically uploading zip compressed files using the /wp-admin/includes/plugin-install.php file to perform the upload and unzipping of the compressed fake plugin into /wp-content/plugins/.”

To check whether your WordPress site has been hacked, Sucuri recommends using its free SiteCheck tool to scan for malicious content.
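A local check for the two artifacts described above, theme files that load scripts from the named sites and plugin directories dropped into /wp-content/plugins/, can be run on the server itself. This is an added example, not code from Sucuri or the original article; it assumes a standard WordPress layout, treats a directory without a `Plugin Name:` header as suspect (a heuristic), and uses a constructed sample tree with a made-up `.example` host.

```python
import re
import sys
import tempfile
from pathlib import Path

# Site names given in the article; matched as substrings of any script URL.
INDICATORS = re.compile(r"admarketlocation|gotosecond2", re.I)
# WordPress recognises a plugin by this header in a top-level PHP file.
PLUGIN_HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.M | re.I)

def scan_themes(wp_root):
    """Return theme files (PHP/JS/HTML) that reference an indicator site."""
    hits = []
    for path in sorted(Path(wp_root, "wp-content", "themes").rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".js", ".html"}:
            text = path.read_text(errors="replace")
            if INDICATORS.search(text):
                hits.append(path.relative_to(wp_root).as_posix())
    return hits

def scan_plugins(wp_root):
    """Return plugin dirs whose top-level PHP files lack a header (first 8 KB)."""
    suspects = []
    for d in sorted(Path(wp_root, "wp-content", "plugins").iterdir()):
        heads = (f.read_bytes()[:8192] for f in d.glob("*.php"))
        if d.is_dir() and not any(PLUGIN_HEADER.search(h) for h in heads):
            suspects.append(d.name)
    return suspects

def build_sample(root):
    """Constructed sample tree: one injected theme file, one headerless dir."""
    files = {
        "wp-content/themes/demo/header.php":
            "<script src='https://cdn.gotosecond2.example/a.js'></script>",
        "wp-content/themes/demo/footer.php": "<?php wp_footer(); ?>",
        "wp-content/plugins/good/good.php": "<?php\n/*\n * Plugin Name: Good\n */",
        "wp-content/plugins/dropped/x.php": "<?php /* no header */",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:
        build_sample(root)
    print("theme files referencing indicators:", scan_themes(root))
    print("plugin dirs without a plugin header:", scan_plugins(root))
```

Pass the WordPress root as the first argument to scan a real installation. A clean result is not proof of a clean site, since this is a plain string match and a dropped directory can carry a valid header, so compare flagged and unflagged plugin directories against the plugins you actually installed.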

Via BleepingComputer