Home > Security > Security News

Fake ‘Security WordPress’ Plugin Injects Casino Spam, Improving SEO of Attacker’s Website

Published on February 27, 2025
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

Attackers used fake plugins to insert casino spam, compromising website functionality and search engine rankings. This attack bypasses integrity checks and remains hidden from unsuspecting website admins by mimicking legitimate plugins in the WordPress directory.  

The latest reported incident involves spam links related to online gambling being injected into the footer of a WordPress site. 

These links are pulled from a malicious URL—“jsscript[.]top”—via encoded scripts contained in the fake plugin named “Security WordPress,” as detailed by Sucuri.

Output Received After Using the PHP Decoder, UnPHP.
Output Received After Using the PHP Decoder, UnPHP | Source: Sucuri

Masquerading as a seemingly harmless plugin, the malicious software avoids detection by using techniques like obfuscation and single-file execution. This ensures that even thorough integrity checks within WordPress fail to detect the malware.

JSON File Output with Spam Links.
JSON File Output with Casino-Themed Spam Links | Source: Sucuri

The attack begins with an XOR decryption function that reveals an encoded URL. From there, the plugin uses cURL functions to retrieve external JSON data containing a list of spammy links. 

The malware then decodes, shuffles, and inserts these links into the website footer for both visitors and search engine crawlers to find.  

Such actions appear to serve three primary purposes for attackers – Black Hat SEO, traffic redirection, and paid link schemes.

The attacker's domains improve their search rankings by creating backlinks from legitimate websites. Users clicking these links are redirected to potentially harmful websites, and attackers may profit from selling these placements to unscrupulous entities. 

Another Sucuri report said a compromised WordPress site was manipulated to host spam pages with casino-related links. The malware was concealed using a simple "include" statement within the WordPress theme, referencing a malicious file positioned above the webroot.

Add a Comment
Related
Anonymous hackers dressed up with claws and mask carrying out an attack
NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April
Novel Advanced MaaS Platform for Android Used in Phishing Campaign Impersonating Banks
Microsoft logo on a building
Microsoft Entra Lockouts Spark Concern Over New Security Feature Rollout 
Scammers Dupe Victims of Financial Fraud with Online Personas of Victims and FBI IC3 Officials
Virtual Credit Card and Bank Account Data on Sale with Instructions for Use on PayPal, eBay and AdWords
ClickFix Scams Impersonating MS Defender and Cloudflare Bot Checks Target U.S. Users
Most Popular
movies 2025
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
TV shows February 2025
2025 TV Premiere Dates: New & Returning TV Series Calendar
Alan Ritchson in The Ministry of Ungentlemanly Warfare
War Machine: Know Everything About Alan Ritchson’s new Sci-Fi Movie
Anonymous hackers dressed up with claws and mask carrying out an attack
NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April
iHostage
iHostage Movie: Decoding the true Story Behind the Harrowing Amsterdam Hostage Crisis
Abby in The Last of Us Season 2 and in The Last of Us Part II game
The Last of Us Season 2: Will Ellie kill Abby?
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
2025 TV Premiere Dates: New & Returning TV Series Calendar
War Machine: Know Everything About Alan Ritchson’s new Sci-Fi Movie
NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April
iHostage Movie: Decoding the true Story Behind the Harrowing Amsterdam Hostage Crisis
The Last of Us Season 2: Will Ellie kill Abby?

Most Popular
movies 2025
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
TV shows February 2025
2025 TV Premiere Dates: New & Returning TV Series Calendar
Alan Ritchson in The Ministry of Ungentlemanly Warfare
War Machine: Know Everything About Alan Ritchson’s new Sci-Fi Movie
Anonymous hackers dressed up with claws and mask carrying out an attack
NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April
iHostage
iHostage Movie: Decoding the true Story Behind the Harrowing Amsterdam Hostage Crisis
Abby in The Last of Us Season 2 and in The Last of Us Part II game
The Last of Us Season 2: Will Ellie kill Abby?
2025 Movie Release Dates: Calendar for Theatrical and Streaming Dates
2025 TV Premiere Dates: New & Returning TV Series Calendar
War Machine: Know Everything About Alan Ritchson’s new Sci-Fi Movie
NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April
iHostage Movie: Decoding the true Story Behind the Harrowing Amsterdam Hostage Crisis
The Last of Us Season 2: Will Ellie kill Abby?

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: