
Thousands of WordPress sites impacted by Sign1 malware campaign


BleepingComputer reports that more than 39,000 WordPress sites have been compromised to display popup ads and redirects as part of the widespread Sign1 malware campaign during the past six months, with 2,500 sites infected since January alone.

Threat actors behind the campaign have used brute-force attacks to break into WordPress sites, then exploited HTML widgets and the Simple Custom CSS and JS plugin to inject the Sign1 malware, according to a report from Sucuri. The malware uses time-based randomization to produce dynamic URLs from which the malicious code is retrieved, researchers said. That code, which uses XOR encoding as well as specific cookie and referrer tracking to better target individuals visiting Google, Instagram, Facebook, and Yahoo, then activates popups and redirects to fraudulent sites with lures to activate browser notifications. Website administrators have been urged to strengthen their credentials, keep plugins updated, and remove unneeded add-ons to prevent compromise.
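For administrators auditing stored HTML widget and custom JS entries, the following is an added example (not code from Sucuri, BleepingComputer or SC Media) that flags snippets combining several of the behaviours described above. The regexes, the threshold of three traits and the sample entries are assumptions constructed for illustration, not published Sign1 indicators.

```python
import re

# Traits mirror the behaviours described in the article. The regexes are
# assumptions of this example (heuristics), not published Sign1 indicators.
TRAITS = {
    "time_based_value": re.compile(r"Date\.now\s*\(|new\s+Date\s*\(|\.getTime\s*\("),
    "dynamic_script_load": re.compile(r"createElement\s*\(\s*['\"]script['\"]\s*\)"),
    "xor_decoding": re.compile(r"charCodeAt\s*\([^)]*\)\s*\^|\^\s*[\w.\[\]]+\.charCodeAt\s*\("),
    "referrer_check": re.compile(r"document\.referrer"),
    "cookie_check": re.compile(r"document\.cookie"),
}
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)


def script_text(content):
    """Inline <script> bodies, or the whole entry if it is stored as raw JS."""
    bodies = SCRIPT_RE.findall(content)
    return "\n".join(bodies) if bodies else content


def traits_in(content):
    """Sorted names of the traits present in one stored snippet."""
    js = script_text(content)
    return sorted(name for name, rx in TRAITS.items() if rx.search(js))


def triage(snippets, threshold=3):
    """Return {snippet_id: traits} for entries with at least `threshold` traits."""
    hits = {sid: traits_in(body) for sid, body in snippets.items()}
    return {sid: t for sid, t in hits.items() if len(t) >= threshold}


# Constructed sample entries (not real malware, not taken from any site).
SAMPLES = {
    "html-widget-footer": "<span id='y'></span><script>"
        "document.getElementById('y').textContent=new Date().getFullYear();</script>",
    "custom-js-stats": "var s=document.createElement('script');"
        "s.src='https://cdn.example.invalid/stats.js';document.head.appendChild(s);"
        "if(document.cookie.indexOf('consent=1')<0){s.remove();}",
    "html-widget-unknown": "<script>var t=Math.floor(Date.now()/1e4);"
        "if(document.referrer.indexOf('google')>-1){"
        "var s=document.createElement('script');"
        "s.src='https://example.invalid/'+t+'.js';document.head.appendChild(s);}"
        "function d(a,k){return a.charCodeAt(0)^k}</script>",
}

if __name__ == "__main__":
    for sid, found in triage(SAMPLES).items():
        print(f"review {sid}: {', '.join(found)}")
```

A single trait is common in legitimate snippets, which is why the two benign samples stay below the threshold; flagged entries are candidates for manual review, not confirmed infections.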
