WordPress Popunder Malware Redirects to Scam Sites

02-Apr-22

We’ve witnessed a continuous virus outbreak that leads website users to fraudulent sites throughout the previous year. So far this year, our monitoring has found over 3,000 websites infected with this injection, bringing the total number of sites affected to over 17,000 since March 2021.

The attackers don’t appear to have targeted any specific vulnerable plugin or theme, as this has occurred in fully updated WordPress setups. The attackers appear to be exploiting the built-in file editor functionality to inject malware into wp-admin administrator accounts that have been compromised (either by brute force, password stuffing, or leaked credentials).

[Read More…]