Korean WordPress Sites Targeted By Massive Spam Campaign

WordPress sites are being targeted by an unknown hacking group in a large-scale phishing attack. Security reports indicate that the attack follows a specially modeled scenario.




Massive Spam Attack Hits WordPress Sites

A recent security report reveals that an unknown hacking group is actively targeting WordPress sites and has been able to deface many Korean installations. The researchers who posted about the incident note that the collective is leveraging a special spam generator which injects malicious content into the compromised sites. The route of infection is a weakness in the configuration file used by the content management system, which allows code to be inserted into the posts.


It appears that the hackers have made a list of conditions which are used to control the attack. The attacking script is configured to select only Korean sites by targeting the .kr domain and checking whether the site's language options are set to Korean. As soon as a vulnerable site is found, the malware framework automatically inserts malicious links, which are retrieved from a special hacker-controlled server. They produce content that includes keywords that can modify the SEO ranking of the site. There are several reasons why the hackers have chosen to run this particular campaign:

  • The compromised sites will rank higher in search engines when users search for the injected keywords. This will generate traffic to the sites, which may contain various kinds of malware or phishing content.
  • The modified pages can be altered so that they will not be visible in search engine queries. This is often done in order to sabotage high-ranking pages.
  • Via the code injection the hackers can insert banners and ads which will generate income for them. This can include cryptocurrency miner code that can be executed directly in the web browsers.

With thousands of sites compromised so far, WordPress administrators are urged to apply the latest patches for both the main system and any installed plugins. Webmasters can also check their sites for suspicious content by reviewing the Google Search Console reports.
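Because the campaign works by inserting links into posts, post bodies can also be audited directly. The script below is an added example, not code from the report or from WordPress: it assumes post HTML has already been exported (for instance from the `wp_posts.post_content` column) and flags every link whose host is neither the site's own domain nor on an allowlist. The function names, sample posts and domains are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in a post body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lowercases tag and attribute names
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())


def is_trusted(host, trusted):
    """True if host equals a trusted domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def audit_posts(posts, site_domain, allowlist=()):
    """Return ({post_id: [off-site hrefs]}, Counter of off-site hosts)."""
    trusted = {site_domain.lower(), *(d.lower() for d in allowlist)}
    flagged, hosts = {}, Counter()
    for post_id, html in posts.items():
        parser = LinkCollector()
        parser.feed(html)
        for href in parser.hrefs:
            host = (urlparse(href).hostname or "").lower()
            # Relative links, #fragments and mailto: have no host: on-site.
            if host and not is_trusted(host, trusted):
                flagged.setdefault(post_id, []).append(href)
                hosts[host] += 1
    return flagged, hosts


# Constructed sample data: post IDs, bodies and domains are invented.
SAMPLE_POSTS = {
    101: '<p><a href="/about">About</a> <a href="https://blog.example.kr/n">News</a></p>',
    102: '<p>Recipe</p><a href="http://spam-links.example.net/pills">cheap pills</a>',
    103: '<A HREF="//spam-links.example.net/casino">casino</A> <a href="https://wordpress.org/">WP</a>',
}

if __name__ == "__main__":
    flagged, hosts = audit_posts(SAMPLE_POSTS, "example.kr", ["wordpress.org"])
    print(flagged, hosts.most_common())
```

A single unfamiliar host that appears across many unrelated posts is the pattern to look at first, since legitimate outbound links rarely repeat that way.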


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
