WordPress sites are again under attack. WordFence: There is an ongoing malvertising campaign, causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations
The cyber security experts: Cybercrime is exploiting plugin vulnerabilities to launch attacks
The malvertising campaign is ongoing and threat actors will be quick to leverage any similar XSS vulnerabilities that may be disclosed in the near future
WordFence cyber security researchers explain that when a visitor arrives at that address, the site responds with a different script based on the User-Agent string associated with the request. A cookie is also set in the redirected browser in order to track repeat users. The eventual destination sites vary in scope and intent. Some redirects land users on typical illegitimate ads for pharmaceuticals and pornography, while others attempt direct malicious activity against the user’s browser. Some of the redirect landing pages attempt to social engineer their victims into clicking various page elements. These attacks aren’t the first associated with this malvertising campaign. Several vulnerabilities disclosed over the past few months have been included in the attacker’s attempts to distribute these injections. In addition to the redirects, this campaign includes the ability to inject popup ads into victims’ sites. Furthermore, researchers believe the threat actors will be quick to leverage any similar XSS vulnerabilities that may be disclosed in the near future.