Researchers believe it could be intentional to advertise new cryptocurrencies in a pump-and-dump, ICO fraud. The visitors are redirected to a range of low-quality websites developed on the Question2Answer CMS, and the discussion topics are mostly related to cryptocurrency or blockchain. Some even mimic the names of popular shortening services, such as Bitly. It must be noted that almost all of the malicious URLs appear to belong to the same URL-shortening service. In the past two months, Sucuri researchers have identified over 75 pseudo-short URL domains linked with redirected traffic. These had an obfuscated PHP script injected into the legitimate files on the websites, such as index.php, wp-activate.php, wp-signup.php, and wp-cron.php, etc. The activity has further intensified recently, with 70 new malicious domains disguised as legitimate in 2023 and 2,600 infected sites discovered on the web.Īll the infected websites detected by Sucuri were using WordPress CMS. The company’s SiteCheck remote scanner has detected more than 10,890 infected sites. Backdoor Redirecting Visitors to Hacked SitesĪccording to Sucuri’s research, the backdoor redirects users to sites that show fraudulent views of Google AdSense ads. In fact, a study revealed that Google Drive accounted for 50% of malicious Office document downloads in 2022. It is a fact that, lately, several Google products have been exploited and abused to spread malware and other malicious components, including Google Ads, Google Home, and Google Drive. Here are the details shared by Sucuri in its technical report. Sucuri researchers have reported a backdoor that has successfully infected around 11,000 websites in recent months. The campaign has been active since September 2022, and the recent surge in website infections was noted in January 2023.
0 kommentar(er)
