The GoDaddy-owned web site safety firm mentioned that the domains on the finish of the redirect chain may very well be used to load ads, phishing pages, malware, and even set off one other set of redirects.
In some cases, unsuspecting customers are taken to a rogue redirect touchdown web page containing a pretend CAPTCHA examine, clicking which serves undesirable adverts which are disguised to look as if they arrive from the working system and never from an internet browser.
The marketing campaign — a continuation of one other wave that was detected final month — is believed to have impacted 322 web sites to date, beginning May 9. The April set of assaults, then again, has breached over 6,500 web sites.
“It has been found that attackers are targeting multiple vulnerabilities in WordPress plugins and themes to compromise the website and inject their malicious scripts,” Konov mentioned.