Thousands of WordPress websites in the sights of hackers
A new report from Sucuri shows that there is a campaign to attack thousands of websites using WordPress CMS.
Cybersecurity researchers have reported a massive campaign to inject malicious JavaScript code into websites website WordPress to redirect traffic to phishing and malicious websites, generating unwanted traffic.
According to Krasimir Konov, an analyst at Sucuri, websites are injecting JavaScript code into files and databases, including core WordPress files. What the victim websites have in common is navigation to the drakefollow domain.
 |
Page with malicious content is redirected to Screen capture |
In the vast majority of cases the two files jquery.min.js and jquery-migrate.min.js already have obfuscated code (Obfuscation) and are activated on page load. This allows attackers to redirect traffic from users to malicious websites.
This involved infecting files like jquery.min.js and jquery-migrate.min.js with obfusated JavaScript triggered on every page load, allowing attackers to redirect website visitors destination of their choice.
The website security company owned by GoDaddy identifies the Domain redirected to can be used to download advertisementphishing content, malware, or even trigger a bunch of other navigation.
In some cases, users were taken to a page containing fake CAPTCHA code, which served ads disguised as operating system notifications.
The campaign was discovered on May 9, and recorded 322 websites infected with malicious code. In April, a similar series of attacks infiltrated more than 6,500 websites running WordPress CMS.
The security analyst said that the attacker’s trick is to target many vulnerabilities in WordPress plugins and themes to infiltrate and insert malicious code.
at Blogtuan.info – Source: thanhnien.vn – Read the original article here
