BleepingComputer reports that nearly 15,000 websites, with almost 20,000 files each, have been compromised in a widespread Google search engine optimization poisoning campaign that redirects visitors to fraudulent Q&A sites.
WordPress accounted for most of the sites impacted by the SEO poisoning campaign, with the affected sites believed to be used as malware droppers or phishing sites in future attacks, a report from Sucuri revealed.
Threat actors behind the campaign have been injecting redirects into WordPress PHP files. The injected files were found to contain malicious code that redirects visitors of non-WordPress sites to a URL that loads JavaScript, which in turn redirects to a Google search click URL aimed at establishing the legitimacy of the web traffic.
Cloudflare has been used to host most of the malicious subdomains leveraged by the attackers, all of which use similar website-building templates, suggesting that a single group of threat actors may be behind the scheme.