Hackers Are Using WordPress Themes and Plugins to Hawk Scams


According to security firm Sucuri, thousands of WordPress websites have been compromised by known vulnerabilities in recent months.
Photo: Jack Guz/AFP (Getty Images)

If you have visited a website in the last few days and been randomly redirected to a page of sketchy “resources” or unwanted ads, the website in question was most likely 1) built using WordPress tools and 2) hacked.

Researchers at Sucuri, a security provider owned by GoDaddy, revealed Wednesday that the hackers behind a months-long campaign have focused on injecting malicious scripts into WordPress themes and plugins with known security flaws.

Notably, these hacks involve themes and plugins built by thousands of third-party developers for the open-source WordPress software, not WordPress.com, which provides hosting and tools for building a website. WordPress.com’s parent company, Automattic, is a major contributor to the software but does not own it.

According to Sucuri, 322 WordPress sites were affected by this latest wave of the campaign, although “the actual number of affected sites is likely much higher.”

In April alone, hackers used this tactic to infect nearly 6,000 websites, said Sucuri malware analyst Krasimir Konov.

Sucuri noticed the hackers’ intrusions this past Monday while investigating WordPress sites whose owners complained of unwanted redirects. All of the websites shared a common issue, Konov explained: they contained malicious JavaScript hidden in their files and databases.

The JavaScript creates redirects that lead users to a range of poisoned apples, including phishing pages and malware, the researcher explained. Worst of all, visitors might not even notice they’re going down the internet’s version of a dark and dangerous alley, as the redirect landing page looks fairly innocent.
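The investigation described above boils down to one check: find script content in theme and plugin files and in database rows that the site owner never put there. The following Python scanner is an added example, not code from Sucuri or from the article, and it makes assumptions the page does not: the allowlist of hosts the site legitimately loads scripts from, the heuristic markers for obfuscation and redirects, and the sample files and database rows, which are constructed here with fictional hostnames on the reserved .test TLD. The real campaign’s indicators are not on the page and are not reproduced.

```python
import re
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from. The allowlist is an
# assumption for the example; derive it from your own theme and plugins.
ALLOWED_HOSTS = {"example-site.test"}

SCRIPT_TAG_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)
SRC_ATTR_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# PHP-level injection into theme/plugin files: eval() wrapped around a decoder.
PHP_EVAL_RE = re.compile(
    r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.IGNORECASE
)

# Heuristic markers (assumptions for the example): primitives that injected
# scripts commonly use to hide their payload or to send the visitor elsewhere.
OBFUSCATION_MARKERS = ("eval(", "unescape(", "String.fromCharCode", "atob(", "document.write(")
REDIRECT_MARKERS = ("window.location", "location.href", "location.replace(", "top.location")


def script_host(src):
    """Hostname of a script src; protocol-relative '//host/x.js' gets a scheme first."""
    if src.startswith("//"):
        src = "https:" + src
    return urlparse(src).hostname  # None for site-relative paths such as /wp-includes/...


def find_injected_scripts(text, source, allowed_hosts=ALLOWED_HOSTS):
    """Return (source, kind, detail) tuples for suspicious script content in text."""
    findings = []
    for m in SCRIPT_TAG_RE.finditer(text):
        attrs, body = m.group(1), m.group(2)
        src_m = SRC_ATTR_RE.search(attrs)
        if src_m:
            host = script_host(src_m.group(1))
            if host and host not in allowed_hosts:
                findings.append((source, "external-script", host))
        if any(marker in body for marker in OBFUSCATION_MARKERS):
            findings.append((source, "obfuscated-inline", body.strip()[:60]))
        if any(marker in body for marker in REDIRECT_MARKERS):
            findings.append((source, "inline-redirect", body.strip()[:60]))
    if PHP_EVAL_RE.search(text):
        findings.append((source, "php-eval-decode", "eval() over a decoder"))
    return findings


def scan_site(files, db_rows, allowed_hosts=ALLOWED_HOSTS):
    """files: {path: contents}; db_rows: [(table, row_id, text)]. Returns all findings."""
    findings = []
    for path, contents in files.items():
        findings.extend(find_injected_scripts(contents, path, allowed_hosts))
    for table, row_id, text in db_rows:
        findings.extend(find_injected_scripts(text, f"{table}#{row_id}", allowed_hosts))
    return findings


# Constructed sample inputs (not from the Sucuri report). Hostnames are fictional.
SAMPLE_FILES = {
    "wp-content/themes/demo/header.php":
        '<script src="/wp-includes/js/jquery/jquery.min.js"></script>\n'
        '<script src="https://example-site.test/assets/app.js"></script>\n',
    "wp-content/themes/demo/footer.php":
        "<footer>Demo theme</footer>\n"
        '<script src="//fake-cdn.test/main.js?t=123"></script>\n',
    "wp-content/plugins/demo-plugin/demo.php":
        "<?php\n/* Plugin Name: Demo */\n"
        "eval(base64_decode('aWYoMSl7fQ=='));\n",  # decodes to the harmless 'if(1){}'
}
SAMPLE_DB_ROWS = [
    ("wp_posts", 17, "<p>Normal post</p>"),
    ("wp_posts", 42,
     "<p>Hello</p><script>var u=String.fromCharCode(104,116,116,112,115);"
     "window.location.href=u+'://fake-cdn.test/';</script>"),
]

if __name__ == "__main__":
    for source, kind, detail in scan_site(SAMPLE_FILES, SAMPLE_DB_ROWS):
        print(f"{source}: {kind}: {detail}")
```

Run against a real site, `files` would be read from wp-content and `db_rows` from wp_posts.post_content and wp_options.option_value, since both files and database are where Sucuri found the script. The allowlist matters more than the markers: a clean page loads scripts only from hosts you recognise, so an unfamiliar host is the strongest single signal, while the obfuscation and redirect markers mainly help triage inline blocks. Core WordPress files can additionally be compared against the project’s published checksums with WP-CLI’s `wp core verify-checksums`, which this scanner does not replace.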

“This page tricks unsuspecting users into subscribing to push notifications from the malicious site. If they click on the fake CAPTCHA, they’ll be opted in to receive unwanted ads even when the site isn’t open — and ads will look like they come from the operating system, not from a browser,” Konov wrote.

If that weren’t bad enough, Konov said that opt-in maneuvers for push notifications are one of the most common ways hackers run tech support scams. These are the annoying windows that pop up out of nowhere to tell you that your computer is infected and that you should call a phone number to get it fixed. Do not do this. The Federal Trade Commission, which knows a thing or two about scams, has helpfully pointed out that real security messages and warnings don’t ask you to dial a phone number for technical assistance.

WordPress.com told Gizmodo on Thursday that plugins and themes are written and maintained independently of the core WordPress software. Regarding Sucuri’s report, the company said any plugins or themes hosted on the software’s website, WordPress.org, “are regularly scanned for vulnerabilities.”

“Plugin and theme authors are notified immediately if a security issue is discovered. According to Sucuri’s report, any unpatched plugin is either down or not hosted on WordPress.org. WordPress.org also provides theme developers and plugin developers with security resources,” a WordPress.com spokesperson said. “For self-hosted sites, WordPress users are notified and encouraged by default to update core software, plugins, and themes.”

The spokesperson added that WordPress.com also provides services to the websites it hosts that address the vulnerabilities mentioned in the report.
