Nearly 7,000 WordPress websites have been compromised in a widespread campaign that involved malicious JavaScript code injection that redirects site visitors to malicious websites, reports The Hacker News.
Threat actors behind the campaign deployed obfuscated JavaScript to website files and databases, including jquery.min.js and jquery-migrate.min.js, according to a report from Sucuri. Redirect chain domains could then be leveraged for loading malware, phishing pages, advertisements, and other redirects, including a rogue landing page with a phony CAPTCHA check. Clicking the CAPTCHA check would then trigger advertisements seemingly appearing from the operating system rather than the web browser.
The report noted that 322 websites have been hit by the attack since Monday but more than 6,500 websites have been breached last month.
"It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts," wrote Sucuri malware analyst Krasimir Konov.