Visitors are being directed to hacked websites.
The attackers have infected a large number of websites with this malware, with the current count exceeding 10,890.
The primary goal of the operation remains ad fraud, which involves the use of illegal techniques to artificially increase the volume of traffic to web pages with AdSense IDs and Google ads. This activity is carried out with the intention of generating revenue through fraudulent means.
A GoDaddy subsidiary, a company acquired by the GoDaddy corporation, first revealed the malicious activity in November 2022.
This campaign, which started in September of last year, redirects visitors of compromised WordPress sites to bogus question-and-answer portals. Individuals' security and privacy may be jeopardized if they unknowingly disclose sensitive information.
This appears to be aimed at increasing the authority of spammy sites in search engines so that they appear higher in search results.
Similar to the previous malware attack, the latest wave of malware has been observed attempting to redirect internet traffic through Google searches. The attackers’ goal is to make the redirected traffic appear legitimate.
Using URL Shorteners Abusively
Sucuri discovered that all infected websites used the WordPress content management system. Legitimate files on the websites had been corrupted as a result of an obfuscated PHP script.
The most recent campaign has a significant feature that distinguishes it from previous ones: it uses Bing search result links, Twitter's link shortener service, and Google in its redirects. The use of these services suggests a strategic move to avoid detection by security measures. This indicates that the threat actor's footprint has grown.
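For site owners, one way to check for the redirect pattern described above is to record the redirect chain each page produces and flag chains that leave the site through one of these services and land on a foreign host. The following is an added example, not code from Sucuri or from the article; the host list, function names and sample chains are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Assumption: intermediaries picked from the services the article names.
INTERMEDIARIES = {"bing.com": "Bing", "t.co": "Twitter shortener",
                  "google.com": "Google"}

def _host(url):
    """Lower-cased hostname of an absolute URL, without a leading 'www.'."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def _service(host):
    """Name of the intermediary that host belongs to, or None."""
    for domain, name in INTERMEDIARIES.items():
        if host == domain or host.endswith("." + domain):
            return name
    return None

def audit_chain(chain, own_hosts):
    """Audit one redirect chain (ordered absolute URLs, first = page requested).

    A chain is suspicious when it starts on a host we own, crosses at least
    one intermediary, and lands on a host that is neither ours nor an
    intermediary itself.
    """
    own = {_host("//" + h) for h in own_hosts}
    hosts = [_host(u) for u in chain]
    via = [s for s in map(_service, hosts[1:]) if s]
    landing = hosts[-1] if hosts else ""
    suspicious = (bool(hosts) and hosts[0] in own and bool(via)
                  and landing not in own and _service(landing) is None)
    return {"via": via, "landing": landing, "suspicious": suspicious}

def flag_chains(chains, own_hosts):
    """Return the names of all suspicious chains, sorted."""
    return sorted(n for n, c in chains.items()
                  if audit_chain(c, own_hosts)["suspicious"])

# Constructed sample chains (not real campaign URLs).
SAMPLE_CHAINS = {
    "infected": ["https://blog.example/post/",
                 "https://www.bing.com/constructed-result-link",
                 "https://qa-portal.invalid/"],
    "http_upgrade": ["http://blog.example/post", "https://blog.example/post/"],
    "own_share_link": ["https://blog.example/go", "https://t.co/constructed",
                       "https://www.blog.example/landing"],
}

if __name__ == "__main__":
    print(flag_chains(SAMPLE_CHAINS, ["blog.example"]))
```

Chains can be collected with any crawler that records every hop; a flagged chain points to the page whose files should be inspected for injected code.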
Analysis of an Attack
Over the last two months, Sucuri researchers discovered over 75 pseudo-short URL domains linked to redirected traffic.
It is worth noting that the vast majority of malicious URLs discovered are connected to a single URL-shortening service. All of the low-quality Question2Answer websites are related to cryptocurrency or blockchain technology in some way.