New reports are coming in that indicate that a massive hacking campaign is underway that is using SEO to direct users to compromised sites that redirect said traffic to discussion forums that are entirely illegitimate. Every site contains tens of thousands of files that are boosting the metrics on search engine results pages, and considering that 15,000 websites have now been compromised this seems to suggest a very startling state of affairs with all things having been considered and taken into account.
With all of that having been said and now out of the way, it is important to note that these malicious actors are trying to artificially boost the influence of their own web domains by generating fake backlinks through the hacked sites. The more indexed pages they have, the higher their search engine ranking would be even though the information contained on the site is in no way legitimate.
The way these hackers are working is that they are entering the PHP files of each site and injecting code that can redirect users from the site they clicked on to the aforementioned Q&A forums. The files are often masked by using ostensibly real sounding names, but they are clear markers of tampering that can indicate that the site is less safe to use than might have been the case otherwise.
The malicious code can tell whether or not a user is logged in through WordPress, and it redirects anyone who isn’t to the aforementioned site. More specifically, clicking on any links will redirect to a URL related to a Google search which will subsequently redirect users yet again to the final site.
These hackers are doing this because of the fact that this is the sort of thing that could potentially end up giving them a leg up in the SEO domain, and this is creating a feedback loop wherein each newly compromised site exponentially increases the rate of growth. Excluding WordPress users helps these hackers stay under the radar by avoiding redirecting site admins who’d immediately take steps to rectify the issue and shut the whole scam down.
Read next: New Alert Issued For Malicious Extension On The Chrome Browser That Steals Online Accounts And More
With all of that having been said and now out of the way, it is important to note that these malicious actors are trying to artificially boost the influence of their own web domains by generating fake backlinks through the hacked sites. The more indexed pages they have, the higher their search engine ranking would be even though the information contained on the site is in no way legitimate.
The way these hackers are working is that they are entering the PHP files of each site and injecting code that can redirect users from the site they clicked on to the aforementioned Q&A forums. The files are often masked by using ostensibly real sounding names, but they are clear markers of tampering that can indicate that the site is less safe to use than might have been the case otherwise.
The malicious code can tell whether or not a user is logged in through WordPress, and it redirects anyone who isn’t to the aforementioned site. More specifically, clicking on any links will redirect to a URL related to a Google search which will subsequently redirect users yet again to the final site.
These hackers are doing this because of the fact that this is the sort of thing that could potentially end up giving them a leg up in the SEO domain, and this is creating a feedback loop wherein each newly compromised site exponentially increases the rate of growth. Excluding WordPress users helps these hackers stay under the radar by avoiding redirecting site admins who’d immediately take steps to rectify the issue and shut the whole scam down.
Read next: New Alert Issued For Malicious Extension On The Chrome Browser That Steals Online Accounts And More
