Skip to Main Content

10,000 WordPress sites hacked and used in huge malvertisement scheme

While sometimes funny, adverts are most of the time more of an annoyance than anything else. It doesn’t really matter where you have to endure it – radio, television, movie theaters, or the internet. It gets even worse if the advertisement is malicious. Sadly chances that you might encounter malvertisement are higher than you’d think as a recent report from Check Point shows: They’ve discovered an operation that delivers such ads to millions of users.

Ads are not ads

On first sight it all seems legitimate: A page sells their traffic to an ad bidding platform, it gets sold to the highest bidding advertiser, and then some advertisement appears on the page. There are a couple of problems though:

  • The traffic comes from hacked WordPress sites
  • The highest bidders are just a front for cybercriminals and not serious companies trying to advertise their products
  • The adverts are malvertisement including trojans, crypto-miners, and ransomware.

According to Check Point the whole operation is rather well planned out and conducted professionally – and apparently is still live.

The rather ingenious malware ad campaign

It all started with more than 10,000 compromised pages, which were using WordPress 4.7.1, an old version of the ever-popular CMS that sports a Remote Code Execution vulnerability. All of those sites were and probably still are redirecting their traffic to a page that belongs to the mastermind of the operation dubbed “Master134”.

With the huge amount of traffic on the page and masquerading as a publisher, Master134 goes to the AdsTerra Ad-Network which will sell the space available on the page to the highest bidders and/or resellers. Incidentally, all of the Mater134 ad lots are bought soon after by malware distributors posing as advertisers.

The ads displayed on Master134’s page now are malicious and the users visiting (or rather being redirected) to the site are now in danger of falling prey to the malvertisement targeted at them.

Image: CheckPoint

Keep safe from malvertisement with those 3 tips

There are a couple of things that can be done in order to keep safe from malvertisement:

Keep your software up to date – Malvertisement often uses exploits in unpatched software like Flash to gain a foothold on their victims’ computer. Downloading and installing the latest available version of your programs is, therefore, a must. If you feel like that’s too much to handle get help in form of a Software Updater which does the work for you.

Use an adblocker – Adblockers are very useful when it comes to staying safe online. While they are understandably an issue for publishers and other people making an income with ad revenue they certainly also make sure that you can stay safe from malvertisement.

Install an antivirus – If push comes to shove an antivirus would be your last line of defense before the infection. They make sure you stay safe from trojans, viruses, ransomware, and more.

PR & Social Media Manager @ Avira |Gamer. Geek. Tech addict.