Visitors to compromised WordPress site were redirected to a fake Pirate Bay website which is distributing malware as part of a drive-by download attack.
WordPress sites are being targeted and injected with a malicious iFrame which directs visitors to a fake Pirate Bay page, according to Malwarebytes. The fake page ultimately pushes the Nuclear Exploit Kit, which offloads a banking trojan via a Flash vulnerability (CVE-2015-0311).
The malicious site is not maintained by Pirate Bay but instead is a rouge site from the Open Bay project which allowed people to set up clone accounts after the original Pirate Bay was shut down.
Last year web security firm Sucuri exposed a massive campaign of WordPress compromises dubbed “SoakSoak” which allowed people without administrative privilege modify accounts. Researchers believe the hackers may be using similar methods.