• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
Labs Note

Face Mask Spam Links Injected in WordPress Database

April 2, 2020Luke Leal

0
SHARES
FacebookTwitterSubscribe

During a recent malware removal request, we found a compromised WordPress site being used to redirect to spam websites. The campaign was leveraging an increase in search queries related to face masks.

To make their campaign more difficult to detect and boost SEO rankings, the attackers use a multitude of compromised third-party websites to funnel their traffic. They also use the World Health Organization name and images to add credibility to their campaign.

World Health Organization spam image

Spam links are injected into the widgets section of the wp_options database, resulting in the compromised environment linking to third-party sites trying to rank for face mask search terms.

Face mask spam links

The spam links have been set to conceal themselves from website visitors using <div style=”display:none;”>, all of which lead to the Shopify website https://lundybright[.]fr/ which was registered on March 2nd.

Compromised websites impacted by this spam campaign can use our hacked website cleanup guide to remove the infection.

0
SHARES
FacebookTwitterSubscribe

Categories: Sucuri Labs, Website Malware Infections, WordPress SecurityTags: Labs Note, Redirects, SEO Spam

About Luke Leal

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

WordPress Security Course

The Anatomy of Website Malware Webinar

WordPress Security Guide

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.