Malicious SEO campaign compromises 15,000 WordPress sites

Share post:

Hackers have launched a new malicious black hat search engine optimization (SEO) campaign that compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals.

Each compromised page contains approximately 20,000 files used in the search engine spam campaign, with WordPress being the most commonly used platform.

The attack aims to promote a handful of low-quality fake websites that use similar website creation templates and operate from the same threat scenario.

The hackers are able to modify an average of over 100 files per website, which is in stark contrast to other attacks of this kind, in which only a small number of files are manipulated to reduce the space required and avoid detection.

Wp-signup.php, wp-cron.php, wp-links-opml.php, wp-settings.php, wp-comments-post.php, wp-mail.php, xmlrpc.php, wp-activate.php, wp-trackback.php, and wp-blog-header.php are some of the most frequently infected pages.

The campaign prepares these pages for future use as malware droppers or phishing sites, as even a short-term operation on Google’s first page would lead to a large number of infections. Infected or injected files contain malicious code that checks if website visitors are logged into WordPress and redirects them to the https://ois.is/images/logo-6.png URL if they are not.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21...

Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence has come under scrutiny...

Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked —...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways