According to security researchers from Sucuri and Malwarebytes, thousands of WordPress sites were hacked and maliciously attacked this month. Although the entries for these events seem to be different, they all follow a similar pattern — loading malicious code from known threats.
Researchers believe that intruders are looking for ways to gain access to these sites. Instead of exploiting vulnerabilities in WordPress CMS itself, they exploit vulnerabilities in outdated themes and plugins. When they gain access to the site, they create a backdoor to access and modify the code for the site in the future.
According to Jérôme Segura, a security researcher at Malwarebytes, the malicious code filters users who have visited an infected website and redirects some users to a technical support scam. Some of these professional support scams use Google Chrome’s “evil cursor ” vulnerability to prevent users from shutting down malicious websites.