Hackers were able to exploit a serious security flaw in popular web design and hosting platform WordPress.
Researchers at security firm Wordfence discovered a raft of attacks utilising fake admin accounts created by criminals to try and access unprotected websites.
According to the company, attackers were able to take advantage of pre-existing vulnerabilities in WordPress plugins to inject malicious JavaScript into unsuspecting sites. This payload would redirect visitors of the infected website to potentially harmful content including fake web pages, malicious popups and malware droppers.
The affected plugins include popular offerings such as Live Chat with Facebook Messenger, WP Live Chat Support and Visual CSS Style Editor.
As well as attempting to redirect traffic, the campaign also includes the injection of additional scripts to try and install a backdoor that looks to create fake admin accounts to gain access directly to a user’s account.
Wordfence says it has tracked the source of the attacks to multiple IP addresses across the world, all but one of which – a Rackspace server issuing the bulk of the attacks – have now gone offline. The company says it has informed Rackspace of the threat, but is yet to hear back.
“As always, updating the plugins and themes on your WordPress site is an excellent layer of defense against campaigns like these,” Wordfence’s blog post explaining the scam stated. “Check your site for needed updates frequently to ensure you’re receiving the latest patches as they’re released.”