Hackers attack WordPress in alarming news this week. Malwarebytes’ security experts have found several WordPress websites that have been infected with a malicious plugin that stealthily generates ad traffic.
A “few dozen” WordPress websites were reportedly compromised. And whoever carried out the attack also installed a backdoor named “fuser-master.” This is according to a blog post outlining their results.
Fuser-master is a very impressive creation. When a person clicks on the generated URL, they are taken to the legitimate blog but with a popunder page instead. That popunder, which was bought from a separate page, will present different advertisements.
READ MORE: Introducing The World’s Smallest 3D Printer
Hackers attack WordPress: emulating human conduct
In order to simulate human behavior, the WordPress plugin will then briefly scroll over the page before clicking on an advertisement. The plugin will halt operating if the user scrolls, moves the mouse, or clicks anything, further obscuring its presence.
It was also claimed that the popunder page periodically refreshed itself. This led to the loading of new advertisements. Also, any movement action will stop if the visitor quits their browser while still seeing the popunder.
50 blogs were identified to be fuser-master compromised overall by Malwarebytes. The researchers added that one of the sites received almost 4 million views in January alone and that the typical visit lasted nearly 25 minutes.
The creators of Fuser-master went to great lengths to conceal their identities. In addition to the plugin’s valiant efforts to remain hidden, it was unable to locate any references to the plugin, its author, or a download page anywhere. Researchers from Malwarebytes were only able to locate one reference to a WordPress theme detector on themesinfo.com.
Most of the blogs there initially appear to be real. Yet, the website becomes a hub for ad fraud when a user inputs the precise URL and other information.
Leave a Reply