Researchers at Sucuri have reported a significant increase in malware infections which utilize WordPress websites to attack users. The malware in question was first reported two weeks ago but in the past 48 hours the rate of infection has spiked from one thousand to six thousand users a day. The malware campaign is redirecting users to a landing page which detects their browser and then, depending on the type of browser, attempts to exploit known vulnerabilities to infect them with the Nuclear Exploit Kit, a popular form of malware utilized by cyber criminals. 

Earlier this year, WordPress sites were utilized to spread malware in a similar attack. The popularity of the WordPress content management system is likely to be a reason for the repeat targeted attacks. According to the researchers at Securi, "If you think about it, the compromised websites are just a means for the criminals to get access to as many endpoint desktops as they can. What's the easiest way to reach out to endpoints? Websites, of course." In addition to negatively affecting website users and impacting a website’s reputation, users will eventually be redirected from the infected sites by Google’s built-in security features. 

Securi has named the malware in question “VisitorTracker” as one of the functions used in the code is “visitorTracker_isMob().” They advised users of the WordPress content management system to ensure that their plugins are updated to prevent their sites from being infected by this malware campaign. See our previous coverage of malware campaigns targeting WordPress websites here.