According to multiple news reports, hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
The attacks were first spotted by Sucuri, A website security & protection platform, who said that each compromised site contains approximately 20,000 files used as part of the search engine spam campaign, with most of the sites being WordPress.
From Sucuri:
From Digital Informational World:Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines.
PublicWWW results show nearly 15,000 websites have been affected by this malware so far. Our own SiteCheck scanner has detected these redirects on over 2,500 sites during September and October. According to data from our internal cleanups, the file structure of each affected website contains a great deal of infected files — nearly 20,000 detections in total.
What makes this campaign especially unusual is that attackers are found to be promoting a handful of fake low quality Q&A sites.
Read more here: https://blog.sucuri.net/2022/11/mass...-campaign.htmlThe malicious code can tell whether or not a user is logged in through WordPress, and it redirects anyone who isn’t to the aforementioned site. More specifically, clicking on any links will redirect to a URL related to a Google search which will subsequently redirect users yet again to the final site.
These hackers are doing this because of the fact that this is the sort of thing that could potentially end up giving them a leg up in the SEO domain, and this is creating a feedback loop wherein each newly compromised site exponentially increases the rate of growth. Excluding WordPress users helps these hackers stay under the radar by avoiding redirecting site admins who’d immediately take steps to rectify the issue and shut the whole scam down.
And here: https://www.digitalinformationworld....sites-and.html