Dark Web Links to WordPress Hack

Hackers Target WordPress Websites

WordPress is the home of millions of websites that operates on the World Wide Web. This renowned platform is one of the most used software where many businesses showcase their products and services to consumers around the globe. Recently, cyber security researchers revealed that dark web hackers are now targeting websites associated with the WordPress brand.

The analysts disclosed that they have discovered a large-scale hacking effort by which hackers have maliciously exploited the software’s JavaScript by injecting it with compromised coded links. Accordingly, with the infectious JavaScript code attached to exploited WordPress websites, visitors to those sites are redirected to fraudulent webpages, as well as other malicious links. Thus, the malicious redirect allows the dark web hackers to generate fraudulent traffic to their scams.

Krasimir Konov, a malware specialist at the Sucuri cybersecurity firm revealed that the targeted WordPress websites always have similar vulnerabilities. Therefore, it is quite easy to insert and spread the malicious JavaScript throughout each website’s contents and database, and this also involves the valid core WordPress files.

WordPress Cyber Security Problems

The reports entailed how the hackers infected files like jquery.min.js and jquery-migrate.min.js with the hacked encrypted JavaScript code. Additionally, the malicious code is activated on every page load, while allowing the hackers to redirect website visitors to the desired address of fraudulent websites owned by the hacking group.

The URLs at the end of the redirect chain, according to the GoDaddy-owned website security company, are some of the ingenious ways that hackers can send consumers to fake websites that are filled with spam advertisements, phishing pages, and other malicious content.

Research analysts have reported that dark web hackers are linked to malware and viruses that can easily target consumers and trapped them into a chain of redirects. Unsuspecting victims are sometimes redirected to a fake redirect homepage with a bogus CAPTCHA check, which when clicked feeds unwelcome adverts that appear to have come from the software rather than a web browser.

2022 WordPress Hacks

Since May 9, 2022, cyber security analysts discovered a malicious WordPress hacking campaign, which is an extension of another security breach discovered last month. The latest hack has reportedly targeted and compromised 322 websites built on the WordPress platform. On the other hand, a similar hacking campaign launched in April by criminal hackers were much larger as they reportedly compromised almost 6,500 domains.

Several cyber analytical pieces of research show that hackers are constantly exploiting many weaknesses associated with the WordPress themes, and independently created plugins. There are several reported instances where dark web hackers have hijacked WordPress built websites and inserted malicious codes that have targeted and compromised numerous consumers.