Malware Redirects 15,000 Sites in Malicious SEO Campaign

Security researchers have spotted an intriguing malware campaign designed to increase the search motor rankings of spam web-sites below the management of threat actors.

Over 15,000 WordPress and other web sites have been redirected to the spam Q&A web sites, according to Sucuri. The hackers are employing modified WordPress PHP data files and, in some situations, their own PHP information to reach the redirects, with focused internet sites on ordinary that contains 100 contaminated data files every.

The location spam web sites, of which Sucuri has so considerably located 14, have their servers hidden guiding a CloudFlare proxy.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

“The websites appear to be to be using the identical Q&A pattern and are crafted using the Issue2Solution (Q2A) open source Q&A platform. According to their website, this platform is currently powering over 24,500 internet sites in 40 languages,” the seller described.

“The attackers’ spam web pages are populated with a variety of random issues and responses identified to be scraped from other Q&A internet sites. Numerous of them have cryptocurrency and economic themes.”

Despite the fact that no destructive exercise has been detected on these spam sites as but, the actors at the rear of this campaign could “arbitrarily include malware” to them or redirect website visitors yet again to malicious 3rd-party sites, Sucuri warned.

“It’s attainable that these poor actors are simply attempting to persuade Google that actual men and women from distinctive IPs applying distinctive browsers are clicking on their search outcomes. This technique artificially sends Google signals that all those pages are carrying out perfectly in research,” the seller extra.

“If this is the case, it’s a fairly clever black hat Web optimization trick that we have almost never seen made use of in enormous hack strategies. However, its impact is questionable presented that Google will be getting heaps of ‘clicks’ on look for outcomes without any actual searches currently being carried out.”

This idea is backed by the actuality that the second degree domains of the Q&A web sites “seem to belong” to the same folks, it additional.

The marketing campaign is relatively strange in that only 13% of all Web optimization spam infections are categorized as a destructive redirect, in accordance to Sucuri.