After Google decided to put an end to tech support scams on the search engine platform, cybercriminals are now moving to WordPress as one of their prime targets. Thousands of websites using the WordPress platform have been affected with a JavaScript malware that redirects users to tech support pages which pose as legitimate websites. These tech support pages request personal user data and credit card information, which leads to unsuspecting internet users to put in the required information.
Jérôme Segura from Malwarebytes observed an encoded blurb in HTML headers or one of the lines of code that is linked to the external JavaScript malware. Since the malware code is obfuscated, it makes it difficult for most malware detection programs to identify the culprit code. In some cases, the ‘wp_posts’ table was compromised to inject the code.
The tech support websites that malware redirects to pose as legitimate support services from popular brands. These pages often include warning notices about viruses and malware on users’ computers, sending unsuspecting people into a panic to phish credit card data. The websites also come with toll-free support phone numbers to make the whole scam feel legitimate.
Even outside of tech support scams, WordPress websites are being affected by JavaScript mining ads that run on pages to generate cryptocurrency tokens. WordPress users should recommend all of their plugins and scan for any malicious plugins installed on their website as soon as possible to prevent their pages from being exploited by scammers. These scams can only steal credit card data or other personal information; they can also bring websites to disrepute.
According to security researchers, the number of affected websites is slowly increasing which points to the fact that these websites are not handled responsibly and include outdated plugins which are causing the surge in attacks by cybercriminals.
What do you think about the tech support scam affecting WordPress websites? Get instant updates on TechNadu’s Facebook page, or Twitter handle.