Malware campaign compromises over 4,500 WordPress sites

More than 4,500 WordPress websites have been compromised by a widespread malware campaign that may have been active for the last six years, The Hacker News reports. Obfuscated JavaScript injections from the malicious "track[.]violetlovelines[.]com" domain have been leveraged by attackers as a means to facilitate redirections to sketchy sites, according to a Sucuri report. Threat actors have used a website for the Crystal Blocker ad blocker to show misleading browser update alerts in an effort to encourage the use of the browser extension, which has been downloaded nearly 110,000 times. Researchers also found that other redirects employed by the campaign involved the retrieval of the Raccoon Stealer information-stealing malware that targets browser-stored passwords, cookies, and cryptocurrency wallets. "In recent months, this malware campaign has gradually switched from the notorious fake CAPTCHA push notification scam pages to black hat 'ad networks' that alternate between redirects to legitimate, sketchy, and purely malicious websites," said Sucuri researcher Denis Sinegubko.
