Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.

"Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week.

The website security company said it began an investigation after one of its customer's WordPress sites served suspicious third-party JavaScript to site visitors, ultimately finding that the attackers introduced malicious modifications to a theme-related file ("functions.php").

The code inserted into "functions.php" incorporates references to Google Ads, likely in an attempt to evade detection. But, in reality, it functions as

See Full Page