WordPress is a site content management system. It is open source and widely used to create various blogs, services and complex resources due to its relative simplicity. The built-in system of themes and plugins allows you to design almost any WordPress-based web project.

what is known

• Influenced resources are used to redirect users to fake pages and various malicious sites.
• According to experts, in general, already compromised More than 6600 sites.
• The malicious code is embedded in various hacked site files, databases, and core WordPress files.
• Attackers try to put their malicious code in any .js file that contains “jQuery” in its name.
• At the same time, it can avoid detection and hide its activity.

• Yes, applying code to a hacked site creates a new script element with legendary domain[.] com as source.
• This domain accesses the second external domain – local[.]drakefollow[.] com stands for another.
• This creates a chain through which the visitor travels until they are finally redirected to a malicious resource.

Before reaching the final landing page, some visitors encounter a fake page from CAPTCHA that forces them to subscribe to push messages from the malicious site.

If someone clicks on a fake CAPTCHA, they will receive unwanted ads even if the site is not open, and the ad will appear to be coming from the operating system and not the browser. In addition, such stealth maneuvers with push messages are associated with “tech support”, one of the most common methods of fraud. When a user is informed that their computer is infected or is running very slowly, and to fix the problem, call the toll-free number.
– say experts.

Researchers say that for the initial security of sites in WordPress, attackers regularly use a large number of vulnerabilities detected in plugins and WordPress themes.

It is unclear whether the company has taken any action to close any loopholes in the code.