The campaign, which is a continuation of a previous wave discovered last month, is thought to have affected 322 websites as of May 9. In contrast, the April round of assaults compromised almost 6,500 websites.
“It has been discovered that attackers are exploiting several vulnerabilities in WordPress plugins and themes in order to breach the website and insert malicious code,” Konov stated.
According to the GoDaddy-owned website security organization, the domains at the end of the redirect chain might be used to load ads, phishing sites, or malware.
In certain cases, unknowing visitors are sent to a rogue redirect landing page with a bogus CAPTCHA check, after which they are served with intrusive adverts disguised to appear to come from the operating system rather than a web browser.