Thousands of websites hijacked for poisoned Google SEO campaign
Cybercriminals have launched a major malicious SEO campaign with the goal of promoting obscure, low-quality Q&A sites, new research has found.
A report from cybersecurity researchers Sucuri states that a unique piece of WordPress malware sits at the center of this campaign.
According to the report, the campaign was first observed in September 2022, when the team spotted a surge in WordPress malware that was redirecting website visitors to fake Q&A sites via ois[.]is. The goal of the malicious redirects was to boost the authority of these Q&A sites in the eyes of search engines – and in total, almost 15,000 websites have been affected so far.
Hundreds of infected files
What makes this campaign stand out from all the other malicious SEO campaigns is that the threat actors aren’t really trying hard to hide the malware on these sites. In fact, they’re doing the exact opposite.
Usually, website malware infections limit themselves to a small number of files, to be able to fly under the radar. With this campaign, the average website has more than 100 infected files, making it somewhat unique in that respect. Most commonly, the malware would affect core WordPress files, such as ./wp-signup.php, ./wp-cron.php, ./wp-links-opml.php, ./wp-settings.php, and ./wp-comments-post.php.
However, the malware was also observed infecting malicious .php files created by other, unrelated malware campaigns.
“Since the malware intertwines itself with the core operations of WordPress the redirect is able to execute itself in the browsers of whoever visits the site,” the researchers explained.
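An added example (not from Sucuri's report or the original article): a minimal integrity audit for the pattern described above, where core files are modified and extra .php files appear. It assumes a hypothetical manifest mapping each core file's relative path to the SHA-256 of a clean copy of the same WordPress version; `audit_core`, `build_demo_site` and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Core files the report names as most commonly infected.
REPORTED = {"wp-signup.php", "wp-cron.php", "wp-links-opml.php",
            "wp-settings.php", "wp-comments-post.php"}


def audit_core(root, manifest):
    """Compare a WordPress tree with a clean manifest {relative path: sha256}."""
    root = Path(root)
    result = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            result["missing"].append(rel)
        elif hashlib.sha256(target.read_bytes()).hexdigest() != expected:
            result["modified"].append(rel)
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        # wp-content (themes, plugins, uploads) is not part of a core manifest.
        if rel not in manifest and not rel.startswith("wp-content/"):
            result["unexpected"].append(rel)
    # Files named in the report sort first so they are reviewed first.
    result["modified"].sort(key=lambda r: (r not in REPORTED, r))
    return result


def build_demo_site():
    """Constructed sample tree: two altered files, one deleted, one stray."""
    root = Path(tempfile.mkdtemp())
    clean = {name: f"<?php // {name}\n".encode() for name in
             ("index.php", "wp-cron.php", "wp-settings.php", "wp-signup.php")}
    manifest = {}
    for name, body in clean.items():
        (root / name).write_bytes(body)
        manifest[name] = hashlib.sha256(body).hexdigest()
    for name in ("index.php", "wp-cron.php"):  # simulate tampering
        (root / name).write_bytes(clean[name] + b"// constructed change\n")
    (root / "wp-signup.php").unlink()
    (root / "extra.php").write_bytes(b"<?php // constructed stray file\n")
    (root / "wp-content").mkdir()
    (root / "wp-content" / "plugin.php").write_bytes(b"<?php // plugin\n")
    return root, manifest


if __name__ == "__main__":
    print(audit_core(*build_demo_site()))
```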
Redirects to spam websites are hardly a novel approach to cybercrime, Sucuri’s researchers added. In fact, more than half (50%) of the malware the company cleaned up last year was SEO spam. Also, spam takes up more than a third of all malware detections from its SiteCheck tool.
“That said, spam redirects in particular are not as common with just over 13% of all SEO spam infections classified as a malicious redirect,” the company concluded.
Via: BleepingComputer