Infected files included jquery.min.js and jquery-migrate.min.js, which run on every page load. The malware would redirect the website visitor to the attacker’s choice.
This wave of cyber-attacks appears to be a continuation of last month’s wave. Since May 9th, the cyberattack has hit 322 websites. The April attack hit around 6,500 websites.
Mr Konov, a malware analyst, stated that these attacks target WordPress’ weak points and vulnerabilities. The malicious scripts are injected into the website’s themes and plugins.