BleepingComputer reports that more than 39,000 WordPress sites have been compromised to display popup ads and redirects as part of the widespread Sign1 malware campaign during the past six months, with 2,500 sites infected since January alone.
Threat actors behind the campaign have used brute-force attacks to infiltrate WordPress sites before abusing HTML widgets and the Simple Custom CSS and JS plugin to inject the Sign1 malware, according to a report from Sucuri. The malware uses time-based randomization to generate dynamic URLs from which it retrieves malicious code, researchers said. That code, which employs not only XOR encoding but also specific cookie and referrer tracking to better target individuals visiting Google, Instagram, Facebook, and Yahoo, then triggers popups and redirects to fraudulent sites with lures to enable browser notifications. Website administrators have been urged to strengthen their credentials, keep plugins updated, and remove unneeded add-ons to prevent compromise.
Thousands of WordPress sites impacted by Sign1 malware campaign