Thousands of WordPress sites are infected with malicious code
According to security researchers from Sucuri and Malwarebytes, thousands of WordPress sites were hacked and compromised this month. Although the entry points for these incidents appear to differ, they all follow a similar pattern: loading malicious code from known threats.
Researchers believe that intruders are looking for ways to gain access to these sites. Instead of exploiting vulnerabilities in the WordPress CMS itself, they exploit vulnerabilities in outdated themes and plugins. Once they gain access to a site, they create a backdoor so that they can access and modify the site's code in the future.
In most cases, they modify PHP or JavaScript files to load malicious code, although some users also report changes to database tables.
According to Jérôme Segura, a security researcher at Malwarebytes, the malicious code filters visitors to an infected website and redirects some of them to a technical support scam. Some of these technical support scams use Google Chrome’s “evil cursor” vulnerability to prevent users from closing the malicious pages.
This wave of WordPress site hijacking began this month and has intensified in recent days. Searching for the malicious JavaScript snippet used in this attack in a search engine returns more than 2,500 results, and this is only a small part of the total number of sites hacked.
Via: ZDNet