According to cybersecurity firm Sucuri, thousands of WordPress websites have been infected through a single plugin and a single WordPress theme. The malware redirects visitors of infected sites to annoying web pages and tricks them with pop-up notifications.

In August, more than a few thousand WordPress pages were infected, mainly through two sources: the outdated tagDiv Newspaper theme and the Ultimate Member WordPress plugin. To date, the number of infected pages has not decreased but has instead increased to more than six thousand.

The malware redirects visitors through the website utroro[.]com to various addresses and uses spam messages to trick them into clicking the “Subscribe” button in the browser. Once notifications are enabled, users are bombarded with annoying ads and links that try to spread malware.

Infected pages download the script from either cdn.eeduelements[.]com or cdn.allyouwant[.]online. The pages where these scripts are found are listed at this address and at this address.
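A check for the indicators named above, as an added example rather than code from the article or the security firm it cites: it parses saved page HTML and reports `<script>` loads from the two listed hosts, plus inline script references to the redirect domain. The function names, the sample page and its `constructed` paths are made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators as the article lists them (defanged); refanged only in memory.
IOC_DEFANGED = ["cdn.eeduelements[.]com", "cdn.allyouwant[.]online", "utroro[.]com"]
IOC_HOSTS = [d.replace("[.]", ".") for d in IOC_DEFANGED]

def ioc_host(url):
    """Return the URL's host if it is an indicator or a subdomain of one, else None."""
    try:  # urlsplit handles http(s):// and protocol-relative //host/path
        host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    except ValueError:  # malformed URL
        return None
    return host if any(host == i or host.endswith("." + i) for i in IOC_HOSTS) else None

class ScriptFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits, self.inline = [], False  # hits: (kind, line, host)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self.inline = src is None
            if src and ioc_host(src):
                self.hits.append(("script-src", self.getpos()[0], ioc_host(src)))

    def handle_endtag(self, tag):
        self.inline = self.inline and tag != "script"

    def handle_data(self, data):
        if self.inline:  # inline script body: look for the indicators as strings
            line, text = self.getpos()[0], data.lower()
            self.hits += [("inline-script", line, i) for i in IOC_HOSTS if i in text]

def scan_html(html):
    finder = ScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def build_sample():
    """Constructed page: one clean script, two IoC loads, one inline reference."""
    a, b, c = IOC_HOSTS
    return ('<html><head>\n<script src="/wp-includes/js/jquery/jquery.min.js"></script>\n'
            f'<script src="//{a}/constructed.js"></script>\n'
            f'<script async src="HTTPS://{b.upper()}/constructed.js"></script>\n'
            f'<script>var u = "https://{c}/constructed";</script>\n'
            f'</head><body><p>Text naming {a} is not a script load.</p></body></html>\n')
```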

If you use the Ultimate Member plugin on your WordPress site, check that it has been updated. The tagDiv Newspaper theme also needs to be updated. In certain cases, the malicious script can also spread to non-WordPress sites and to WordPress installations where the said theme or plugin is not installed. Read more here and here.

 

Source of the article: https://geenius.ee/rubriik/veebimajutuse-blogi/tuhandetel-wordpressi-veebipelethel-levib-nakatunud-moduli-kaudu-pahavara/