author photo
By Cam Sivesind
Mon | Nov 14, 2022 | 12:22 PM PST

In an effort to increase their Google search rankings and drive more traffic to fake sites, bad actors are employing a black hat SEO trick that is redirecting users via WordPress websites.

Visitors to the more than 15,000 websites are being redirected to low-quality bogus Q&A sites thanks to malware infecting the WordPress sites.

"The attackers' spam sites are populated with various random questions and answers found to be scraped from other Q&A sites," Sucuri reported in a blog post. "Many of them have cryptocurrency and financial themes."

Check out the blog for details on commonly affected files (infected malicious .php files), evasive techniques, redirect scripts (including redirects to logo.png files), a list of redirect destinations, and more.

"This black hat SEO theory is also backed by the fact that the second level domains of the Q&A sites seem to belong to the same people," the post continues. "The hosted websites use similar templates and pretty low quality content (mostly in Arabic language) that is either scraped from some other sites or created for search engines rather than real humans."

Authors of the malware campaigns are aiming to boost traffic to their phony sites and therefore increase clicks on their own Google ads, as well as increase their own sites' authority rankings, which in turn could bring legitimate organic traffic by users not knowing they are being directed to the fake content.

The key takeaway? Users must enable multi-factor authentication (MFA) and ensure that all software is up-to-date. The Sucuri post also provides advice for affected users to clean up the infection and mitigate future exploits.