Thousands of malicious Web sites that run the WordPress Content Management System (CMS) redirect their users to scam pages technical support, according to Jérôme Segura of Malwarebytes Labs.
This is not a great surprise, given the large number of attacks against websites including content management systems such as Joomla, Drupal, and WordPress. Malwarebytes Labs detected a new wave from hacked sites, with everything running WordPress CMS.
Although we do not yet know his identity hacker, researchers believe that malicious users are using multiple ways to infect target sites.
The security researcher also discovered that the number of broken WordPress websites is growing every day, a sure proof that crooks are trying to extend the scope of the attack to even more goals.
It is worth noting that some of the scam pages use a recently discovered browser loop vulnerability that has not yet been resolved.
According to Malwarebytes Labs, this vulnerability affects the latest version of Google Chrome and virtually controls the mouse cursor by preventing it from clicking on the infected page to close it.