1000+ WordPress sites Hacked in Scam Campaign
According to cybersecurity research, More than 2000 WordPress websites have been hacked as part of a campaign to redirect visitors of sites to a number of scam sites.
Which contain unwanted notification subscriptions, Fake Adobe Flash downloads, Fake surveys, and even giveaways. Last week they have detected this hacking campaign.
The security firm Sucuri first identified the hacking campaign when its researchers detected attackers exploiting vulnerabilities in WordPress plugins.
According to research, CP contact form with PayPal and Simple fields plugins are being exploited but many more plugins have also been targeted.
Suppose if an attacker exploits one of these vulnerabilities, It will automatically allow them to inject JavaScript that loads scripts from the websites a market location and gotosecond2 directly into a site’s theme.
- This vulnerability of WordPress sites could let hackers hijack your entire website.
- Basically it is a jungle out there, We recommend you to don’t leave your WordPress sites in the Wild.
- WordPress Plugins hacked for fake admin accounts.
Suppose if an individual accesses a hacked website, the injected script will try to access two admin URLs (/wp-admin/options-general.php and /wp-admin/theme-editor.php) in the background in order to inject additional scripts and to change sites settings that will automatically redirect visitors.
Although, these sources require admin access so hackers will only work if an admin is accessing the WordPress site.
Scam Pages
The hackers have already written their scripts so that any visitors without admin privileges will be redirected through a series that will lead visitors to various scam pages.
The pages will automatically tell visitors that they should subscribe to browser notifications in order to proceed.
The browser will ask you to click on the allow button to enable notifications then it will redirects visitors to other scam sites pushing Fake Surveys, Tech support scams, and even Fake Adobe Flash player updates.
The company (Sucuri) also told that the attackers had built fake plugin directories which are used to upload additional malware to the compromised websites.
They have also provided more details on how the attackers built fake plugin directories in a Blog post saying:
“Another interesting find is the creation of fake plugin directories that contain further malware and can also be generated through the attacker’s abuse of /wp-admin/ features, namely uploading zip compressed files using the /wp-admin/includes/plugin-install.php file to perform the upload and unzipping of the compressed fake plugin into /wp-content/plugins/.”
Suppose if you are going to check that weather your WordPress site was hacked or not,
The Company recommends everyone to use its free SiteCheck tool to scan your site for malicious content.