Aabyss Blog Heading Background

News & Opinion

Gain the edge on the world of business technology and cyber security

Wordpress Sites Hacked to Propagate Scam Campaign

Posted by Andrew Allen | 29-Jan-2020 14:28:15
  • The hacking campaign makes use of previously known vulnerabilities in WordPress plugins.
  • Some of the vulnerable plugins exploited include the ‘CP Contact Form with PayPal’ and the ‘Simple Fields’.

More than 2000 WordPress sites have been hacked by cybercriminals for a scam campaign that redirects visitors to several scam sites.

What does the report say?

Discovered by researchers from Sucuri, the hacking campaign makes use of previously known vulnerabilities in WordPress plugins. Some of the vulnerable plugins exploited include the ‘CP Contact Form with PayPal’ and the ‘Simple Fields’.

  • When exploited, the vulnerabilities allow the attackers to inject JavaScript that loads scripts from malicious domains like gotosecond2[.]com, adsformarket[.]com, admarketlocation[.]com, and admarketresearch[.]xyz.
  • When a visitor accesses the hacked site, the injected script will attempt to /wp-admin/options-general.php and the /wp-admin/theme-editor.php administrative URLs in the background. These URLs are further abused to inject scripts or change WordPress settings to redirect visitors to various scam pages containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads.
  • However, in order to inject scripts, these URLs require administrative access.
  • Apart from injecting malicious JavaScript, attackers have also been found to have created fake plugin directories that are used to upload further malware to the compromised sites. These have been created by abusing the /wp-admin/includes/plugin-install.php file.
  • Once a user subscribes to the notifications by clicking on the ‘Allow’ button, they would be redirected to other scam sites.


Website owners are urged to disable the modification of primary folders to block hackers from inserting malicious files. Meanwhile, experts claim that attackers will continue to register new domains or leverage existing unused domains to conduct such scam campaigns in the future.

Source: https://cyware.com/news/over-2000-wordpress-sites-hacked-to-propagate-scam-campaign-e94ef815

Download a copy of the 15 Ways to protect your business from a Cyber Attack

We're Aabyss and we can better secure your all-important data

If you’re concerned about your cyber security and protecting your private data, we can help.

We’re Aabyss and we have years of experience in supporting businesses in the North West with cyber security, among many other technology challenges. Through our internationally recognised approach, we’ll get to know your business and create the most appropriate solution to meet your commercial and operational requirements.

If you have any concerns or would like to discuss the challenges you face, please contact the team today to book your free discovery meeting.




Topics: Cybersecurity, Technology

Written by Andrew Allen

My personal and business life. I am lucky to have supportive friends and family, and although I am competitive, I try to put others first. I am an active Rotarian, helping support local and international charities. As a former member of Mountain Rescue, I enjoy spending time with my family in the mountains. We regularly travel to experience new cultures and cuisine; I’m a bit of a foodie! In my day job as Chief Executive, I am responsible for ensuring we stay true to our purpose and values. In a strategic capacity, I am also responsible for developing relationships with key partners and major accounts. I love working with ambitious, growing companies who want to challenge themselves and the status quo. Technology, when properly leveraged, can help an organisation differentiate and beat their competition. It's a real joy to make a difference.

Leave a Comment