Threat Management

Nearly 15K sites targeted in Google SEO poisoning attack

Share

BleepingComputer reports that nearly 15,000 websites with almost 20,000 files each have been compromised in a widespread Google search engine optimization poisoning campaign redirecting to fraudulent Q&A sites. WordPress accounted for most of the sites impacted by the SEO poisoning campaign, with the affected sites believed to be used as malware droppers or phishing sites in future attacks, a report from Sucuri revealed. Threat actors behind the campaign have been injecting redirects to WordPress PHP files, with the injected files found to consist of a malicious code that redirects visitors of non-WordPress sites to a URL enabling the loading of a JavaScript redirecting to a Google search click URL aimed at establishing the legitimacy of web traffic. Cloudflare has been used to host most of the malicious subdomains leveraged by attackers, all of which have similar website-building templates suggesting that a single group of threat actors may be behind the scheme.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.