In November 2022, researchers from security firm Sucuri reported that they had tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. The experts had been tracking the campaign since September 2022; its end goal was black hat SEO aimed at increasing the reputation of the attacker's sites.
Sucuri's SiteCheck detected redirects on over 2,500 sites during September and October, while PublicWWW results showed nearly 15,000 websites affected by this malware.
Sucuri experts have now revealed that since September, their SiteCheck remote scanner has detected this campaign on 10,890 infected sites. The researchers pointed out that the activity has surged, with over 70 new malicious domains masquerading as URL shorteners. Since January 2023, over 2,600 sites have been detected.
Traffic from the hacked websites is redirected to low-quality websites running the Question2Answer CMS. These websites hosted discussions related to cryptocurrency and blockchain.
The threat actors' main goal is still ad fraud: they generate revenue by redirecting traffic to pages containing the AdSense ID they use.