Scammers infect WordPress sites to redirect victims
Tech support scammers strike again, and this time, they found a way to compromise legitimate WordPress websites. In September 2018, experts from Sucuri reported that hackers are inserting malicious codes into .js, .php files as well as in WP databases. The malicious code redirects site visitors to scam pages that display fraudulent pop-ups with scary messages. Usually, they state there is something wrong with victim’s computer.
In several scenarios, the script lies in the “wp_posts” table in the WP database. Interestingly, there is no code obfuscation. Representatives from Sucuri labs say that location of the malware varies, and that common versions of the virus are in .js files containing jquery in their names. Experts also add that scammers can compromise WordPress websites via outdated plugins, a common and probably the main security flaw in WP websites. Some of the targets they named were very old tagDiv themes (NewsMag, NewsPaper, others) and unpatched Smart Google Code Inserter plugin.
Fraudsters come up with new ideas since Google started banning fake tech support ads
The new attack wave rolled out soon after Google’s announcement to strictly restrict advertisements by third-party tech support providers. The tech giant took such measures to lower the number of fraudsters in the tech support market.
Therefore, tech support scammers now aim at legitimate websites and try to advertise by illegally injecting codes in reputable sites. They may also attempt to exploit legitimate advertising platforms to present themselves as trustworthy service providers.
The attackers promote traditional fake support pages urging the victim to call for support immediately. Usually, the deceptive pop-up includes such and similar lines:
Windows Warning Alert
Malicious Spyware/Riskware Detected
Please call us within the next 5 minutes…
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.