There is a two weeks old malware campaign, that is ongoing and its infection of WordPress sites is increasing with disturbingly faster rates in the past few days. The visitors of these sites are targeted through a malicious code redirecting them to a landing page hosting a known exploit kit.
SucuriLabs researchers have recently found that a lot of sites have been infected with malware and 95 percent of those sites rely on the WordPress platform. In the past three days, from one thousand sites being affected the number has exponentially increased to six times more.
Source: https://blog.sucuri.net
The websites have been injected with malware through vulnerabilities in their code. This serves the purpose of redirecting unsuspecting users to a landing page, which address is constantly being changed. This page is hosting the Nuclear Exploit Kit that is sold on the black market. Once there, various, different exploits are being run depending on the visitor’s operating system and apps that he is using.
SucuriLabs experts are referring to the malware campaign as VisitorTracker due to the function name “visitorTracker_isMob()” being used in all of the sites’ malicious javascript code. The code is injected as it appears, via vulnerabilities found in WordPress plugins.
Google has already blocked 17 percent of all the sites that are being infected, although their number keeps increasing with each day passed. The WordPress platform has been under heavy attacks in the past as well.