"Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages"

A malicious campaign has infected more than 4,500 WordPress websites as part of an operation believed to have been active since at least 2017. Sucuri reported that the infections involve the injection of obfuscated JavaScript hosted on a malicious domain aimed at driving visitors to different unwanted websites. Data shows that the latest operation has been in effect since December 26, 2022. A previous set of attacks observed in early December 2022 affected more than 3,600 websites, while another wave observed in September 2022 affected over 7,000 websites. The malicious code is injected into the WordPress "index.php" file, with Sucuri adding that it has removed such changes from over 33,000 files on hijacked websites during the last 60 days. In recent months, this campaign has steadily shifted from the use of fake CAPTCHA push notification scam pages to black hat 'ad networks.' When users visit one of the compromised WordPress websites, a redirect chain is triggered by a traffic-direction system, placing the victims on pages showing advertisements for products that ironically combat intrusive advertisements. This article continues to discuss the massive campaign that has infected thousands of WordPress websites. 

THN reports "Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages"