Fake WordPress Plugin Redirects Mobile Visitors to Porn Sites

January 25, 2017 2:18 pm David Bisson

A fake WordPress plugin is redirecting users who visit a compromised website to sites that host pornographic content.

The malicious campaign follows directly after attackers succeed in hacking a WordPress website. They don’t want system administrators to notice anything suspicious going on, as they might lose their access to the site. In response, they try to conceal their activity by conducting a secondary attack that imitates WordPress naming conventions, processes, and even plugins.

This attack installs a fake version of bbPress, the forum plugin for WordPress. The fake is convincing because the top of its main source file carries the header comments lifted from the legitimate bbPress plugin. Scrolling further down the file, however, reveals the code to be malicious.

As Sucuri security analyst Fernando Barbosa explains in a blog post:

“This file is more extensive, containing several additional functions. With help of other files like includes/redirect_view.php, the resulting malicious payload causes the victim’s website to redirect to hxxp://keit[.]staticweb[.]tk/98fPgS.”

The malicious redirect happens only when users visit the hacked website using a mobile browser. When it does trigger, the fake plugin’s functions send visitors to pornographic websites.
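The two tells described above, a plugin whose header claims to be bbPress but lives in a different directory and a file that pairs a mobile user-agent test with a redirect, can be checked for on disk. The following is an added example (not Sucuri's or WordPress's code) that scans a `wp-content/plugins` tree for both indicators; the `KNOWN_SLUGS` allow-list and the constructed sample plugins are assumptions for the demonstration.

```python
# Added example: heuristic scan of a WordPress plugins directory for look-alike
# plugins and for files that redirect only mobile visitors.
import os
import re
import tempfile

HEADER_RE = re.compile(r"^\s*\*?\s*Plugin Name:\s*(.+)$", re.M)   # header WordPress reads
MOBILE_RE = re.compile(r"android|iphone|ipad|mobile", re.I)          # mobile user-agent words
REDIRECT_RE = re.compile(r"header\s*\(\s*['\"]Location:|wp_redirect\s*\(", re.I)
# Assumed operator-maintained allow-list: lower-cased plugin name -> official directory slug.
KNOWN_SLUGS = {"bbpress": "bbpress"}

def scan_plugins(plugins_dir):
    """Return (path, reason) tuples for files that look like a fake or redirecting plugin."""
    findings = []
    for slug in sorted(os.listdir(plugins_dir)):
        pdir = os.path.join(plugins_dir, slug)
        if not os.path.isdir(pdir):
            continue
        for root, _dirs, files in os.walk(pdir):
            for name in files:
                if not name.endswith(".php"):
                    continue
                path = os.path.join(root, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
                m = HEADER_RE.search(src)
                if m:  # a known plugin name in a directory that is not its official slug
                    claimed = m.group(1).strip().lower()
                    if KNOWN_SLUGS.get(claimed, slug) != slug:
                        findings.append((path, f"header claims '{claimed}' but directory is '{slug}'"))
                # user-agent test plus a redirect call in one file: the mobile-only redirect pattern
                if "HTTP_USER_AGENT" in src and MOBILE_RE.search(src) and REDIRECT_RE.search(src):
                    findings.append((path, "mobile user-agent check combined with a redirect"))
    return findings

def scan_constructed_sample():
    """Build a constructed plugins tree (one genuine-looking bbPress, one fake) and scan it."""
    base = tempfile.mkdtemp()
    header = "<?php\n/**\n * Plugin Name: bbPress\n * Description: forums\n */\n"
    os.makedirs(os.path.join(base, "bbpress"))
    with open(os.path.join(base, "bbpress", "bbpress.php"), "w") as fh:
        fh.write(header + "function bbp_version() { return '2.5'; }\n")
    fake = os.path.join(base, "bbpress-forums")          # constructed look-alike directory
    os.makedirs(os.path.join(fake, "includes"))
    with open(os.path.join(fake, "bbpress.php"), "w") as fh:
        fh.write(header + "require 'includes/redirect_view.php';\n")
    with open(os.path.join(fake, "includes", "redirect_view.php"), "w") as fh:
        fh.write("<?php if (preg_match('/android|iphone|mobile/i', $_SERVER['HTTP_USER_AGENT'])) {\n"
                 "  header('Location: http://REDIRECT-TARGET.invalid/'); exit; }\n")  # placeholder URL
    return sorted(scan_plugins(base))
```

Run `scan_plugins` against a real `wp-content/plugins` path; the two findings it raises on the constructed sample are exactly the fake directory and its `includes/redirect_view.php`.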

Unexpected redirections to adult content undermine users’ respect for and trust in your website and brand. That’s not even the worst part. Many pornographic websites are a hotbed for malware, which means visitors could be infected with malicious software simply because they visited your site.

Don’t let this happen to your organization! To protect yourself, make sure that your company has created security policies that cover your website’s maintenance. Those policies should spell out, for example, how IT staff must update plugins as soon as a patch becomes available and remove all software that’s not in use. With those policies in place, you need to make sure your employees understand what is expected of them. You can do this via the help of third-party staff awareness policy management software.

Does this solution sound of interest to you?

If so, contact Metacompliance and learn how its policy management products can help protect your website against attackers.