Javascript Injection Creates Rogue WordPress Admin User

Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement views. This month we…

Unwanted “Shorte St” Ads in Unpatched Newspaper Theme

Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that they never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites helped to investigate this case. Shorte[.]st is a service that hijacks links,…

WordPress Security – Fake TrafficAnalytics Website Infection

Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics even set up fake analytics websites designed to trick webmasters who took a few steps to investigate the unfamiliar script. Recently, a new variation of…

Cloned Spam Sites in Subdirectories

In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products – a very bold move. This time around,…