Thus, victims are first redirected to a domain that checks the type of device they are using, User-Agent and, based on this and other factors, redirects the visitor to one of the types of malicious sites (fake technical support resources, porn sites, downloads of various Android APKs, suspicious pharmaceutical pages). The researchers also found sites that try to directly attack the user’s browser using various tricks and exploits.
The researchers write that the operators of this campaign used obfuscated payloads, and also involved a large number of sites in the attacks (obviously trying to cover their tracks and confuse information security specialists).
Wordfence reminds you that similar attacks on plugins have happened before. For example, in the spring of this year, hackers similarly used a bug in the Yellow Pencil Visual Theme Customizer plugin, and also in plugin Yuzo Related Posts.