Thousands of WordPress Sites Hacked to Fuel Scam Campaign

Antus67

Thread author
Nov 3, 2019
Over 2,000 WordPress sites have been hacked to fuel a campaign to redirect visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads.
This hacking campaign was discovered by website security firm Sucuri, who detected attackers exploiting vulnerabilities in WordPress plugins during the third week of January 2020.

Sucuri researcher Luke Leak told BleepingComputer that some of the vulnerable plugins seen being exploited are the "CP Contact Form with PayPal" and the "Simple Fields" plugins, but we were told that other plugins are likely being targeted as well.
When exploited, the vulnerabilities allow the attackers to inject JavaScript that loads scripts from admarketlocation[.]com and gotosecond2[.]com directly into the site's theme as shown below.

When a visitor accesses the hacked site, the injected script will attempt to access the /wp-admin/options-general.php and the /wp-admin/theme-editor.php administrative URLs in the background to further inject scripts or change WordPress settings that also redirect the visit
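A defender's check for the theme injection described above, as an added example that is not part of the original post or Sucuri's tooling: it scans a WordPress theme tree for plain-text references to the two domains named in the article. The sample theme files and the injected line are constructed, since the real injected markup is not shown on this page.

```python
import os
import re
import tempfile

# Domains named in the article, kept defanged in source and refanged at run time.
DEFANGED_IOCS = ["admarketlocation[.]com", "gotosecond2[.]com"]
IOC_RE = re.compile(
    "|".join(re.escape(d.replace("[.]", ".")) for d in DEFANGED_IOCS),
    re.IGNORECASE,
)
SCAN_EXTENSIONS = (".php", ".js", ".html", ".htm")


def scan_theme_tree(root):
    """Return (relative path, line number, defanged domain) for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            # errors="replace" keeps the scan going on files with odd encodings.
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for m in IOC_RE.finditer(line):
                        domain = m.group(0).lower().replace(".", "[.]")
                        hits.append((os.path.relpath(path, root), lineno, domain))
    return sorted(hits)


def demo():
    """Build a constructed theme directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "themes", "example-theme")
        os.makedirs(theme)
        with open(os.path.join(theme, "footer.php"), "w") as fh:
            fh.write("<?php wp_footer(); ?>\n</body>\n")
        # Constructed injected line; the real markup is not shown on the page.
        injected = "<script src='//%s/x.js'></script>\n" % DEFANGED_IOCS[0].replace("[.]", ".")
        with open(os.path.join(theme, "header.php"), "w") as fh:
            fh.write("<?php wp_head(); ?>\n" + injected)
        return scan_theme_tree(root)


if __name__ == "__main__":
    for rel, lineno, domain in demo():
        print("%s:%d references %s" % (rel, lineno, domain))
```

Point `scan_theme_tree` at a site's `wp-content/themes` directory; it only finds literal domain strings, so an encoded or obfuscated loader needs a separate integrity check against known-good theme files.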