Search This Blog

Powered by Blogger.

Blog Archive

Labels

Wordpress Websites Compromised; Injected With JavaScript Code

WordPress websites compromised by the thousands redirect to Tech-support scams.


A recent decision from Google to prohibit technical support advertisements from unverified operators leads to the trading off of thousands of Wordpress websites on the while being injected with JavaScript code that side-tracks users to these technical support scam pages.

Jérôme Segura of Malwarebytes was the one who pinned the attacks as they began in early September. He observed a substantial encoded ad spot, usually in the HTML header, or one line of code indicating the external JavaScript code.


The code in the HTML header would deobfuscate to something like this:


Attackers utilize the technique in order to imitate the practices of lawful organizations and use a legit advertisement platform for the promotion of their technical support services, which additionally paints them as reliable according to the potential victim.

The as of late observed attacks take after the classic formula to persuade users to call for technical support: a divert to a page demonstrating a notice about viruses running uncontrolled on the PC, and an advantageous toll-free support phone number.

Segura while talking with the Bleeping Computer says that, "We are  pushing ads for some geolocations and user agents, we’ve also seen campaigns designed to redirect to websites that inject the CoinHive JavaScript miner, allowing the attacker to spend the resources of users' computers to mint Monero cryptocurrency for as long as the compromised page is opened.”

A few sites apart from Malwarebytes have also likewise recognized the compromised 'wp_posts' table of the WordPress database, which stores all the content posts, pages, and their corrections, alongside navigation menu item, media records, and substance utilized by plugins.

Share it:

Google

Tech-support ads

WordPress hacks