A large number of WordPress sites have been hacked and compromised with malicious code this month, as per security specialists at Sucuri and Malwarebytes.
All compromises appear to take after a comparable example – to stack malicious code from a known threat actor – in spite of the fact that the passage vector for every one of these occurrences has all the earmarks of being extraordinary.
Specialists trust gatecrashers are accessing these sites not by abusing flaws in the WordPress CMS itself, yet vulnerabilities in obsolete themes and plugins. When they access a site, they plant an backdoor access for future access and make adjustments to the site’s code.
Malwarebytes security specialist Jérôme Segura said this malicious code filters clients visiting the compromised off sites and diverts some to technical support tricks.
Segura also said that some of tech support scams that users are landing on are using the “evil cursor” Chrome bug to prevent users from closing the malicious site’s tab, a trick that the researcher first spotted last week.
The WordPress scam has seen to started this month and only intensified in the past few days with thousands of websites being compromised and hacked by hackers. Some of the traffic patterns during the redirection process found to mimic that of well-known traffic distribution systems used by many malware distribution campaigns.
Image via WP Hack Helped