Malicious SEO campaign compromises 15,000 WordPress sites

Share post:

Hackers have launched a new malicious black hat search engine optimization (SEO) campaign that compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals.

Each compromised page contains approximately 20,000 files used in the search engine spam campaign, with WordPress being the most commonly used platform.

The attack aims to promote a handful of low-quality fake websites that use similar website creation templates and operate from the same threat scenario.

The hackers are able to modify an average of over 100 files per website, which is in stark contrast to other attacks of this kind, in which only a small number of files are manipulated to reduce the space required and avoid detection.

Wp-signup.php, wp-cron.php, wp-links-opml.php, wp-settings.php, wp-comments-post.php, wp-mail.php, xmlrpc.php, wp-activate.php, wp-trackback.php, and wp-blog-header.php are some of the most frequently infected pages.

The campaign prepares these pages for future use as malware droppers or phishing sites, as even a short-term operation on Google’s first page would lead to a large number of infections. Infected or injected files contain malicious code that checks if website visitors are logged into WordPress and redirects them to the https://ois.is/images/logo-6.png URL if they are not.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 24, 2024 – A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more. Welcome to Cyber Security...

Canada centralizing cybersecurity efforts of federal IT departments

Federal departments and agencies are making only marginal progress in improving their cyber maturity, Ottawa said Wednesday as...

Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more. Welcome to Cyber Security...

Google criticizes Microsoft’s security practices in new report

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways