(Image credit: Shutterstock)
Cybercriminals have launched a major malicious campaign with the goal of promoting obscure, low-quality Q&A sites, new research has found.
A report from cybersecurity researchers Sucuri states that a unique piece of WordPress sits at the center of this campaign.
According to the report, the campaign was first observed in September 2022, when the team spotted a surge in malware that was redirecting visitors to fake Q&A sites via ois[.]is. The goal of the malicious redirects was to boost the authority of these Q&A sites in the eyes of search engines - and in total, almost 15,000 websites have been affected, so far.
Hundreds of infected files
What makes this campaign stand out from all the other malicious SEO campaigns is that the threat actors aren’t really trying hard to hide the malware on these sites. In fact, they’re doing the exact opposite.
Usually, website malware infections limit themselves to a small number of files, to be able to fly under the radar. With this campaign, the average website has more than 100 infected files, making it somewhat unique in that respect. Most commonly, the malware would affect core WordPress files, such as ./wp-signup.php, ./wp-cron.php, ./wp-links-opml.php, ./wp-settings.php, and ./wp-comments-post.php.
However, this malware was also observed infecting malicious .php files created by other unrelated malware campaigns, as well.
> > >
“Since the malware intertwines itself with the core...
Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiXmh0dHBzOi8vd3d3LnRlY2hyYWRhci5jb20vbmV3cy90aG91c2FuZHMtb2Ytd2Vic2l0ZXMtaGlqYWNrZWQtZm9yLXBvc2lvbmVkLWdvb2dsZS1zZW8tY2FtcGFpZ27SAQA?oc=5
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.
