Posted on September 24, 2018 at 7:18 AM
WordPress sites numbering up to thousands have come under serious malicious code attack this month. This code works by redirecting users to some support tech basis which are scams. This support tech makes use of Chrome bug tagged “evil cursor” in its operation.
WordPress websites are currently having it tough as a result of infractions on it by hackers. This hacking is carried out with the aid of codes that are malicious. The website comprises began in this month based on reports made available by Malwarebytes and Sucuri.
From the manner in which all attacks were recorded, researchers opined that there was no much difference in the pattern of attack. Even though each attack seems to have different entry vector, the regular pattern is for hackers to send malicious codes to the sites from a popular actor.
In the views of researchers, intruders are able to gain access to WordPress sites due to the usage of plugins and themes that are outdated. That puts aside any suspicion about whether the compromise came as a result of loopholes in WordPress itself.
Mode of Action of the Malicious Codes
According to Jerome who is a security researcher at Malwarebytes, when people visit WordPress sites that have been infiltrated by these codes, they get redirected to scams in the name of tech support. And while studying the trend of the attack, Jerome submitted that it was not much different from a popular system that distributes traffic. This system is commonly used by many campaigns for malware distribution.
Furthermore, according to researchers, many of the tech support scams which WordPress visitors eventually get redirected to use evil cursor Chrome bug. This is to enable them to disenable users from closing the malicious website page. In fact, this was the first thing that brought researchers’ attention to this security compromise.
Findings from Sucuri suggests that the WordPress hijacking began early this month although Segura says the intensity has increased greatly in the past few days.
Many Sites Affected Already
Just last week, a report came out from ZDNet that many hackers do scan the internet so as to discover and exploit the latest loopholes associated with a common WordPress plugin.
Although Sucuri has not come out to state whether it was the vulnerability they discover then that attackers are now acting on, the research company has come up to affirm the earlier report.