Home > Cyber News > Korean WordPress Sites Targeted By Massive Spam Campaign
CYBER NEWS

Korean WordPress Sites Targeted By Massive Spam Campaign

by   |  Last Update:  |  0 Comments  

WordPress sites are being targeted by an unknown hacking group with a large-scale phishing attack. The security reports indicate that this is done so via a specially modeled scenario.




Massive Spam Attack Hits WordPress Sites

A recent security report reveals that an unknown hacking group is actively targeting WordPress sites and has been able to deface many Korean installations. The researchers that posted about the incident note that the collective is leveraging a special SPAM generator which will inject malware content into the compromised sites. The route of infection is a weakness in the configuration file used by the content management system which allows for code to be inserted into the posts.

Related: [wplinkpreview url=”https://sensorstechforum.com/cve-2019-2725-oracle-weblogic-server/”]CVE-2019-2725 Oracle WebLogic Server Flaw Leads To Monero Miner Infections

It appears that the hackers have made a list of conditions which are used to control the attack. The attacking script is configured to select only Korean sites by targeting the .kr domain and checking if the language options match the language. As soon as a vulnerable site is found the malware framework will automatically insert malicious links which will be acquired from a special hacker-controlled server. They will produce content that includes keywords that can modify the SEO ranking of the site. There are several reasons why the hackers have chosen to follow this particular campaign:

  • The compromised sites will rank higher in search engines when the computer users type in the injected keywords. This will generate traffic to the sites which may contain various kinds of malware or phishing content.
  • The modified pages can be altered so that they will not visible in search engine queries. This is often done in order to sabotage high-ranking pages.
  • Via the code injection the hackers can insert banners and ads which will generate income for them. This can include cryptocurrency miner code that can be executed directly in the web browsers.

The fact that thousands of sites have been compromised so far urges WordPress administrators to apply the latest patches for both the main system and any installed plugins. Webmasters can also check their site for suspicious content by reviewing the Google Search Console reports

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. Get Rid of WordPress-crew(.)net Referrer Spam WordPress-crew referrer spam is a type of spam aiming to...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server New Oracle WebLogic Server vulnerabilities were just reported with the...
  4. How to Create and Start a WordPress Blog in a Secure Way Starting a new blog is an adventure and an inspiration...
  5. WordPress Versions Prior to WordPress 5.2.4 Vulnerable, Patch Now! Security researchers reported the discovery of six serious vulnerabilities in...
  6. Massive WordPress Campaign Takes Users through Malicious Redirect Chains Security researchers have identified a malicious campaign against WordPress sites....
  7. Most Secure Web Hosting Australia 2020 *The data in this table may update every week because...
  8. How to Start a Secure Blog: Your Must-Do Checklist Are you a seasoned blogger or a beginner enthusiast? Whether...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree