While the first one directed users to spammy sports websites, the second injection increased the authority of spammy casino sites in search engines.
Sucuri’s cybersecurity experts have published their findings on that can compromise the system’s security. Often, already-discovered flaws in WordPress are used to compromise multiple WordPress websites with multiple infections.
Researchers found that outdated websites are very likely to be exploited multiple times by attackers, or that one hacker could target multiple sites using different channels. Sucuri researchers recently discovered such a scenario: a database injection containing two types of malware, each used for a completely different purpose. The malware can be spread across a WordPress database.
The first injection redirected users to spammy sports websites, while the second boosted the authority of spammy casino sites in search engines. According to Sucuri, the first injection impacted nearly 270 websites, while the second affected 82.
This domain is responsible for the redirection process. The browser is instructed to wait for 60 seconds, after which it is redirected to the domain “hxxp://redirect4xyz”. When this first redirect is complete, the user is redirected again and arrives on the spam domain hxxp://pontiarmadacom. The spam website contains iframes that distribute malware to unsuspecting users.
The second injection’s domain, “hxxp://nomortogelkuxyz”, is a gambling casino site that uses a common methodology to boost its authority in search engines. To increase its domain authority, the attacker employed a black-hat SEO technique, creating an invisible link on all the compromised websites to make the site appear authentic.
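One way to check a WordPress database export for both injection styles described above, as an added example that is not Sucuri's code. It assumes the delayed redirect is a meta refresh tag and that the invisible link is hidden with inline CSS; the page does not show the actual payloads, and the sample rows and domains are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Assumed payload shape: <meta http-equiv="refresh" content="60;url=...">
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']\s*(\d+)\s*;\s*url\s*=\s*([^"\'>\s]+)', re.I)
ANCHOR = re.compile(r'<a\b([^>]*)>', re.I)
HREF = re.compile(r'href\s*=\s*["\']([^"\']+)', re.I)
# Inline styles that hide a link from visitors while crawlers still see it.
# Links hidden by a wrapping element or a stylesheet are out of scope here.
HIDDEN = re.compile(
    r'display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0'
    r'|(?:left|top|text-indent)\s*:\s*-\d{3,}', re.I)

def _external(url, site_host):
    """True when the URL has a host that is not the site or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)

def scan_rows(rows, site_host):
    """rows: iterable of (table, row_id, text). Returns a list of findings."""
    findings = []
    for table, row_id, text in rows:
        for delay, url in META_REFRESH.findall(text):
            if _external(url, site_host):
                findings.append((table, row_id, "delayed-redirect", int(delay), url))
        for attrs in ANCHOR.findall(text):
            href = HREF.search(attrs)
            if href and HIDDEN.search(attrs) and _external(href.group(1), site_host):
                findings.append((table, row_id, "hidden-link", None, href.group(1)))
    return findings

# Constructed sample rows, shaped like content from wp_posts / wp_options.
SAMPLE_ROWS = [
    ("wp_posts", 12, '<p>Match report</p><meta http-equiv="refresh" '
                     'content="60;url=http://redirect.example/go">'),
    ("wp_options", 88, '<a href="http://casino.example/" '
                       'style="display:none">slots</a>'),
    ("wp_posts", 13, '<a href="https://blog.example.org/about">About</a>'),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS, "blog.example.org"):
        print(finding)
```

Any finding is a prompt to inspect the row and compare it against a known-good backup, since legitimate content can also contain hidden links or refresh tags.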
Notable is the fact that both injections, according to Sucuri’s , use the “.xyz” domain extension. This is a common attack vector for such campaigns. This domain extension is often used in large numbers because it’s cheaper for the first year.
The presence of multiple infections on the exact same website shows that attackers are able to spread malware from one site. This also illustrates how bad actors can use a single vulnerability to infect a site.
To gain full access, threat actors are able to monetize outdated websites with various malware. The issue lies in that allow multiple threat actors access to malware and enable them to distribute it.
Keep your WordPress plugins and themes up to date and enable auto-updates. This will ensure that any vulnerabilities are fixed promptly. A web application firewall is a great way to protect vulnerable sites from attacks due to flaws.
Administrator user counts should be kept low and passwords for every account should be stronger. To protect WordPress admin accounts against unauthorized access, .