A team of security researchers tracked malicious domains for push notification malware in WordPress. This campaign was combined with the ongoing redirection to unknown URLs in WordPress sites.
A few domains where the redirection is happening include
inpagepush[.]com, asoulrox[.]com and iclickcdn[.]com, justcannabis[.]online, 0.realhelpcompany[.]ga, fast.helpmart[.]ga/m[.]js?w=085, etc.
Hackers have gone one step ahead this time to make this hacking campaign more sophisticated by installing a legitimate-looking ‘Hello ad’ plugin to infected WordPress websites.
More on it below.
Related Guide – Step By Step WordPress Malware Removal Guide
Symptoms of the Push Notifications Malware – WordPress
Vulgar Push Notifications: Visitors are being shown malicious/vulgar push notifications to the user of the affected website:
Website Redirection: Website redirection to malicious pages by clicking links on pages within your WordPress.
A few URLs where your website might be redirecting to include inpagepush[.]com, asoulrox[.]com, and iclickcdn[.]com.
Unknown Plugins Found: In some cases, our WP security team identified a new malicious plugin that is added to WordPress by the name of ‘Hello ad’.
Device-Specific/Mobile Only Virus: We noticed that this malware hides very well. It will not always send push notifications or redirect users. The behavior is device-specific.
Sometimes the malware shows push notifications only on mobile devices and sometimes it only redirects new users, it does not target users who have already opened the website earlier.
Curious Case of Malicious Hello Ad Plugin
If you’re seeing the “Hello Ad” plugin on websites, beware! This plugin is actually a malicious piece of code that can redirect your website visitors to hacker-controlled websites.
The code added by this plugin plays an important role in redirection. However, we have seen hackers evolve and obscure this with each new campaign.
Related Guide – WordPress Malware Removal Checklist 2022
Consequences of Push Notification & Redirection Malware on WordPress
This type of attack leads to the following situations:
- Loss of reputation of your brand.
- Big loss for web traffic since they are redirected.
- Reduced sales and business.
- Legal problems when sending (even if unintentionally) users to illegal web pages.
If you do see that a site has been hacked, you’ll want to get it back! Worry not and read – WordPress Website Hacking & Prevention 2022 Guide
- Websites Redirecting to Digestcolect .com
- Website Redirecting To Outlook Pages & Fake Phishing Sites
- Website Redirecting to Fake Tech Support Pages – EITest Redirection
How to fix the Push Notifications, Hello Ad & Redirection Hack Campaign
Check hacker’s favorite places: Hackers have a few obvious places where they insert the virus/malicious code. When starting to fix your WordPress, it’s best you start with these. The following files should be looked at first:
- Core theme files
Find and remove the hello ad plugin: If you find this “legitimate” plugin that you think your developer or you may have installed in the past, please uninstall it, as it can damage your site.
Removing the Redirect: We recently noticed that many WordPress websites are redirected to malicious but legitimate websites.. Taking care of malicious redirection hacks requires looking into the database tables, core theme files, and sometimes your server’s configuration files too. Look for scripts/resources loaded from unknown URLs.
Since removing redirection malware is not an easy task, we have created a detailed step-by-step guide to fix redirection malware hack in wordpress. Although hackers are evolving and updating their methods to avoid being on the radar of security companies, the underlying principle is the same.
We also have a compiled list of top wordpress security scanners here.
While removing hacking is one part, what is even more important is to make sure you never get hacked and prevent your WordPress from redirection hack- WP Hacked Help has the most competent team to clean up and fix this hack in the future.
Did you know
- “Is my WordPress site hacked” – This is one of the all time trending query in Google
- 30,000 websites are hacked every day
Are you next?
Scan your website with the WP Hacked Help security scanner and contact our team of security experts to fix your hacked wordpress site before it’s too late.