Attackers inject code into WordPress header file to redirect users

Researchers are warning WordPress website administrators of a new malware attack, whereby adversaries inject code into the header.php file of a site's current WordPress theme, in order to redirect random visitors to malicious domains. 

According to a blog post from Sucuri, infections typically arise from exploited vulnerabilities or unauthorised access to the WordPress admin interface.

Sucuri said that 15 percent of randomly selected visitors to these infected sites do not reach their intended destination. Instead, they are sent through malicious redirect chains that include the domains default7.com, test246.com, test0.com, distinctfestive.com and ableoccasion.com.

Internet Explorer browser users, for example, are redirected to websites that offer fraudulent Flash and Java updates, which are actually malware programs.

Sucuri found that attackers can similarly inject this malware code into a Joomla website's .php file. Disabling the user's ability to edit a WordPress or Joomla site's .php files can prevent such an attack.
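A site check built on the two points above, as an added example that is not code from the article or from Sucuri: it searches every installed theme's header.php for the redirect domains named here and reports whether wp-config.php sets `DISALLOW_FILE_EDIT`, the WordPress constant that turns off the dashboard file editor. It assumes the standard WordPress layout, the function names are hypothetical, and it matches only plain-text references, so an obfuscated injection would need a file-integrity comparison instead.

```python
import re
import tempfile
from pathlib import Path

# Redirect-chain domains named in the article.
REDIRECT_DOMAINS = ("default7.com", "test246.com", "test0.com",
                    "distinctfestive.com", "ableoccasion.com")
DOMAIN_RE = re.compile(
    r"(?<![\w-])(?:" + "|".join(map(re.escape, REDIRECT_DOMAINS)) + r")", re.I)
# A line starting with define('DISALLOW_FILE_EDIT', true); a "//"-commented
# line does not count. Assumption: this is the setting the article refers to.
EDIT_LOCK_RE = re.compile(
    r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;""",
    re.I | re.M)

def scan_theme_headers(wp_root):
    """Map each theme's directory name to the listed domains its header.php references."""
    hits = {}
    for header in sorted(Path(wp_root).glob("wp-content/themes/*/header.php")):
        text = header.read_text(errors="replace")
        found = sorted({m.group(0).lower() for m in DOMAIN_RE.finditer(text)})
        if found:
            hits[header.parent.name] = found
    return hits

def file_editor_disabled(wp_root):
    """True if wp-config.php sets DISALLOW_FILE_EDIT to true."""
    config = Path(wp_root) / "wp-config.php"
    return config.is_file() and bool(
        EDIT_LOCK_RE.search(config.read_text(errors="replace")))

def build_sample_site(root):
    """Constructed sample tree: one clean theme, one with an injected header."""
    themes = Path(root) / "wp-content" / "themes"
    for name, body in (
        ("clean", "<head><?php wp_head(); ?></head>\n"),
        ("infected", "<head><script src='//Default7.com/constructed.js'>"
                     "</script><?php wp_head(); ?></head>\n"),
    ):
        (themes / name).mkdir(parents=True)
        (themes / name / "header.php").write_text(body)
    (Path(root) / "wp-config.php").write_text(
        "<?php\n// define('DISALLOW_FILE_EDIT', true);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print("suspicious headers:", scan_theme_headers(site))
        print("file editor disabled:", file_editor_disabled(site))
```

On a live site, pass the WordPress root directory to both functions. A hit in an inactive theme still matters, because the file remains on disk.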