In a massive malicious SEO campaign, cybercriminals are promoting low-quality Q&A sites by redirecting visitors to fake discussion forums. As a result, almost 15,000 sites have been compromised.

In September 2022, researchers at Sucuri discovered the attacks. Each compromised site was found to contain approximately 20,000 files that were utilized in the search engine campaign.

Researchers believe that the goal of threat actors is to generate enough indexed pages in order for them to increase their authority in the search engines. This will enable them to rank higher as a result.

Primarily, the malware targets WordPress sites. The hackers modified the WordPress PHP files to inject redirects to fake Q&A discussion forms.

The infected files contain malicious code that checks if website visitors are logged into WordPress. If not, the visitors are redirected to a Google search click URL that redirects them to the spam Q&A site.

The use of Google search click URLs is likely to increase performance metrics on URLs in the Google index. Thus, the sites appear popular, and web traffic is seen as more legitimate, possibly bypassing some security software.

Users who are logged in are excluded so that the threat actor doesn’t raise suspicion by redirecting a site administrator.

While Sucuri couldn’t identify the exact way the attackers breached the website that was used for redirects, it is likely that they exploited a vulnerable plugin or brute-forced the WordPress administrator password to access the website.

Sucuri recommends that users secure their admin panel with two-factor authentication or other access restrictions to prevent becoming a victim. Furthermore, users should ensure that all software on their website is up-to-date and patched to the latest versions.

 

Related Posts - TKS Blog

TKS Newsletter - 2025 February
Here's our February 2025 Newsletter Read the full PDF version here: The TKS Sentinel - February Issue In this month's edition, we discuss: Work-Specific Tools Windows 11...
Read more
common password mistakes
Password Management Tips For Businesses
Is Your Business Cyber Secure? Passwords are the front line of defense against cyberattacks. Yet, most businesses still struggle with password security—whether it’s employees using weak...
Read more
tech news updates jan 2025
TKS Newsletter - 2025 January
Here's our January 2025 Newsletter Read the full PDF version here: The TKS Sentinel - January Issue In this month's edition, we discuss: New Tech Tools Malicious...
Read more
Managed IT Services Pricing
Managed IT Services Pricing Explained
  Understanding managed IT services pricing is crucial for business owners, as multiple variables can affect the final cost. The global managed services market is...
Read more

Used with permission from Article Aggregator