Sucuri has identified a long-running campaign that injects malicious scripts into compromised WordPress websites. The campaign exploits a vulnerability in WordPress themes and plugins. Research shows that at least 6,000 WordPress websites were affected by the campaign in April.
The attackers automatically infect any .js file with jQuery in its name. The injected code redirects the visitor to one of these domains:
"It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts. We expect the hackers will continue registering new domains for this ongoing campaign as soon as existing ones become blacklisted."
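
One way a site owner can check for the tampering described above, as an added example that is not from Sucuri or the original article: compare every .js file with jQuery in its name against hashes taken from a known-clean copy of the same WordPress, theme and plugin versions. The function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def jquery_named_js(root):
    """Yield every .js file under root whose file name contains 'jquery'."""
    for path in sorted(Path(root).rglob("*")):
        name = path.name.lower()
        if path.is_file() and name.endswith(".js") and "jquery" in name:
            yield path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(clean_root):
    """Map relative path -> SHA-256 for a known-clean copy of the site."""
    return {p.relative_to(clean_root).as_posix(): sha256_of(p)
            for p in jquery_named_js(clean_root)}

def audit(live_root, baseline):
    """Return (relative path, status) for files that differ from the baseline."""
    findings = []
    for path in jquery_named_js(live_root):
        rel = path.relative_to(live_root).as_posix()
        if rel not in baseline:
            findings.append((rel, "not in baseline"))
        elif sha256_of(path) != baseline[rel]:
            findings.append((rel, "modified"))
    return findings

def demo():
    """Constructed sample trees: a clean copy and a live copy with changes."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "wp-includes/js/jquery").mkdir(parents=True)
            (root / "wp-includes/js/jquery/jquery.min.js").write_text("/* lib */")
            (root / "wp-includes/js/jquery/jquery-migrate.js").write_text("/* migrate */")
            (root / "wp-includes/js/other.js").write_text("/* other */")
        # Constructed change: one jQuery-named file altered, one new file added.
        target = live / "wp-includes/js/jquery/jquery.min.js"
        target.write_text("/* constructed change */" + target.read_text())
        (live / "wp-includes/js/jquery.extra.js").write_text("/* new file */")
        return audit(live, build_baseline(clean))

if __name__ == "__main__":
    for rel, status in demo():
        print(f"{status}: {rel}")
```

On a real site, build the baseline from freshly downloaded packages rather than from the live tree, and treat any "modified" or "not in baseline" result as a file to inspect and restore.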