According to the experts, the motive behind this cyber incident was to promote scam websites. They detected the vulnerability last week after noticing that cybercriminals had been exploiting vulnerabilities in various plugins, including Simple Fields and CP Contact Form with PayPal.
Among the malicious domains registered as part of the campaign are:
The security experts also said, "We encourage website owners to disable the modification of primary folders to block hackers from inserting malicious files or includes as part of WordPress security hardening and security best practices."
The attackers have also been found abusing /wp-admin/ features to create fake plugin directories that contain more malware. They upload zip-compressed files and use the /wp-admin/includes/plugin-install.php file to upload and unzip the compressed fake plugin into /wp-content/plugins/.
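A defensive check for the fake plugin directories described above, as an added example that is not from the original article or from Sucuri: it lists directories under wp-content/plugins that are absent from the site owner's own inventory. The function names, the `expected_slugs` inventory and the seven-day window are assumptions of this example.

```python
import re
import time
from pathlib import Path

# WordPress recognises a plugin by a "Plugin Name:" header in a top-level PHP file.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:(.*)$", re.MULTILINE | re.IGNORECASE)

def plugin_header(plugin_dir):
    """Return the plugin name declared in a top-level PHP file, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        with open(php, "rb") as fh:
            match = HEADER_RE.search(fh.read(8192))  # header sits near the top of the file
        if match:
            name = re.sub(rb"\s*(?:\*/|\?>).*", b"", match.group(1))  # drop a trailing */ or ?>
            return name.strip().decode("utf-8", "replace")
    return None

def audit_plugins(plugins_root, expected_slugs, recent_days=7, now=None):
    """List plugin directories missing from the owner's inventory (expected_slugs).

    Each finding gives the directory slug, the plugin name it declares (if any),
    and whether any file inside changed within the last `recent_days` days.
    """
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = []
    for entry in sorted(Path(plugins_root).iterdir()):
        if not entry.is_dir() or entry.name in expected_slugs:
            continue
        mtimes = [f.stat().st_mtime for f in entry.rglob("*") if f.is_file()]
        findings.append({
            "slug": entry.name,
            "declared_name": plugin_header(entry),
            "recently_modified": bool(mtimes) and max(mtimes) >= cutoff,
        })
    return findings

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # argv[1]: path to wp-content/plugins; remaining args: slugs you installed yourself
        for finding in audit_plugins(sys.argv[1], set(sys.argv[2:])):
            print(finding)
    else:
        print("usage: audit_plugins.py /path/to/wp-content/plugins [expected-slug ...]")
```

File modification times can be reset by whoever wrote the files, so treat a directory missing from the inventory as the primary signal and the timestamp as supporting detail.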
According to Sucuri, the two most common fake plugin directories they have noticed are:
Explaining further details about the WordPress vulnerability, the experts said they have seen over two thousand new infected sites since they started tracking the infection.
According to a report, WordPress infections rose from 83 percent in 2017 to 90 percent in 2018. In 2017, 39.3 percent of hacked WordPress sites recorded outdated installations.