"Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites"

Cybersecurity researchers have discovered a malicious campaign responsible for injecting malicious JavaScript code into compromised WordPress websites that redirect visitors to scam pages and other malicious websites to generate illegitimate traffic. Malicious JavaScript had been injected within the websites' files and databases, including legitimate core WordPress files. The campaign involves infecting files such as jquery.min.js and jquery-migrate.min.js with obfuscated JavaScript that is activated on every page load. This activity allows the attacker to redirect the website visitors to a destination of their choice. According to Sucuri, the domains at the end of the redirect chain could be used to load advertisements, phishing pages, and malware or trigger another set of redirects. In some cases, users were taken to a rogue redirect landing page with a fake CAPTCHA check that serves unwanted ads appearing to come from the operating system and not from a web browser. This article continues to discuss the hacking of thousands of WordPress sites to take visitors to malicious sites. 

THN reports "Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites"