Since late December, Sucuri team has been tracking a new spike in WordPress website infections.
These infections have been exploiting vulnerabilities in outdated versions of WordPress to gain access to the sites. Once they have control, malicious code is injected that displays unwanted ads and redirects visitors to other sites –including tech support scams, adult dating, phishing, or drive-by-downloads. In this specific campaign, The first injection type is a simple script tag, and the second type is obfuscated JavaScript that leverages the ‘fromCharCode’ function.
Sucuri also lists steps to take to clean an infection.
Black Hat AD network using Hacked WordPress Sites