Hundreds of WordPress (opens in new tab) web sites have been contaminated with an unknown malware variant, cybersecurity researchers from Sucuri have discovered. 

The malware would redirect the guests to a distinct web site, the place adverts hosted on the Google Advertisements platform would load, bringing in earnings for the web site’s house owners.

The Sucuri group discovered an unknown menace actor managed to compromise nearly 11,000 WordPress-powered web sites. 

Redirected

WordPress is the world’s hottest website hosting platform, and is usually perceived as safe. Nevertheless, it additionally affords numerous WordPress plugins, a few of which carry high-severity vulnerabilities. 

Whereas the researchers couldn’t pinpoint the precise vulnerability used to ship this malware, they’re speculating that the menace actors automated the method and possibly leveraged no matter identified, unpatched flaws they may discover. 

The malware’s modus operandi is straightforward – when folks go to the contaminated web sites, they’d get redirected to a distinct Q&A web site which loaded adverts situated on Google Advertisements. That manner, Google would primarily get tricked into paying the advert marketing campaign house owners for the views, unaware that the views are literally fraudulent.

Sucuri has been monitoring related campaigns for months now. In late November final yr, the researchers noticed an analogous marketing campaign that contaminated roughly 15,000 WordPress websites. The distinction between these two campaigns is that in final yr’s one – the attackers didn’t hassle hiding the malware. The truth is, they did the precise reverse, putting in greater than 100 malicious information per web site,

Within the new marketing campaign, nonetheless, the attackers went to nice lengths to attempt to disguise the existence of the malware, the researchers mentioned. In addition they made the malware considerably extra resilient to counter-measures, remaining persistent on the websites for longer intervals of time.

To guard towards such assaults, the researchers mentioned, it’s finest to maintain the web site and the entire plugins updated, and maintain the wp-admin panel safe with a robust password and multi-factor authentication. Those who have already been contaminated can observe Sucuri’s how-to information, ought to change all entry level passwords, and place the web site behind a firewall.

• Here is our rundown of the very best web site builders (opens in new tab) proper now