Adsense fraud impacts nearly 11,000 WordPress sites

Threat actors have launched a malware campaign that has already infected 10,890 WordPress sites with a backdoor that facilitates redirections to Google Adsense ads, Ars Technica reports. Sucuri researchers discovered that all of the compromised sites had their files infected with an obfuscated PHP script, with more injected code serving as a backdoor ensuring persistent malware infection. "These backdoors download additional shells and a Leaf PHP mailer script from a remote domain filestack[.]live and place them in files with random names in wp-includes, wp-admin and wp-content directories. Since the additional malware injection is lodged within the wp-blog-header.php file it will execute whenever the website is loaded and reinfect the website. This ensures that the environment remains infected until all traces of the malware are dealt with," said Sucuri researcher Ben Martin. Google has yet to respond to queries on how it would crack down on the malvertising scam identified by Sucuri.