Attackers are regularly exploiting vulnerable plugins to compromise WordPress websites and redirect visitors to spam and scam websites. This has been an ongoing campaign for multiple years. Payload domains are regularly swapped out and updated, but the objective remains largely the same: trick unsuspecting users into clicking on malicious links to propagate adware and push bogus advertisements onto victim’s desktops.
The most recent variation of this WordPress hack involves the following domain:
If your website is redirecting visitors to pages that look something like this then your website is likely compromised:
In today’s post we will review how to remove the specialadves malware from your WordPress website.