911 Hack Removal

New Malware Campaign targeting WordPress sites to Create Fake Spam Pages and Hijack Site’s SEO

Updated on: March 2, 2022

New Malware Campaign targeting WordPress sites to Create Fake Spam Pages and Hijack Site’s SEO

Recently, Astra Security Threat Intelligence Team has spotted an ongoing malware campaign targeting WordPress sites in the wild. This malware campaign is causing serious repercussions such as:

  • inaccessible WP admin dashboard, 
  • redirecting login page, 
  • site redirecting to malicious pages, 
  • fake gaming, toys & dating related spam pages popping up, 
  • SEO spam search results ranking on Google, and so on.

We’ve been tracking similar types of campaigns for the last couple of years and observed that this ongoing campaign is somewhat similar to the Pharma hack and Spam link injection hack we reported earlier.

A large number of sites are being targeted

As a security provider, we continuously monitor the latest cyber threats and malware campaigns that disrupt businesses on a daily basis. In this malware campaign, we are seeing a large number of WordPress and Magento sites being targeted. Currently, the source of the campaign is unidentified but the pattern that is used to target and infect sites is quite familiar. 

Here are some of the examples of spam pages/URLs and search engine results that we found for an infected site: 

Spammy gaming pages appear in Google search for the website

Once the hacker infects a site, he creates multiple fake spam pages (in this case, the hacker creates gaming, toys and dating related pages). These pages then get indexed by Google and start ranking on the SERPs as legitimate search results, owing to the good SEO standards of the compromised site.

Unlike the Korean SEO Spam hack, this hack displays results in the English language in Google search. Another thing to note about this hack is that it creates a large number of fake pages on a site – in hundreds.

In another variation of this hack, we saw users being locked out of their websites as their admin login page starts redirecting. In some cases, the website also started redirecting.

Those who could still access their website’s backend, said they couldn’t find the spam blog posts in the backend but could see them ranking on Google. This hints that the campaign has been skillfully designed to hide the malware location very well.

One of our customers said,

“I’ve been trying to recover my WordPress dashboard for over a week now – login redirects too many times and fails or shows a page not found error.”

Another customer said,

“depending on how I try to access the dashboard it just doesn’t get there. using wp-admin login, in Chrome/Edge I get a too many redirects error. Trying from CPanel, I get a page not found. And then I get a Google report that my most visited pages are something about games and dolls, and I don’t have anything like that on my website…

Similar URLs are also tracked by Google Search Console as legitimate URLs of an infected site.

Google Search Console shows spammy pages as legitimate ones

If you’re seeing any of the above symptoms for your website, you should immediately get professional help from security experts who can clean this infection for you quickly.

Secure your WordPress website before hackers try to hack it!

Astra Website Protection has helped thousands of WordPress sites prevent cyberattacks.

How to check if your site is infected?

If you are unsure about this hack on your website, follow the below steps to confirm if your WordPress or Magento site has been hacked or not:

  1. Scan your WordPress site with an SEO spam detector.
  2. Check for spammy keywords in your Google Analytics or Google Search Console. If you find any irrelevant keywords such as “viagra”, “Nexium”, or “Cialis“ then your WP site may be a victim of a WordPress pharma hack.
  3. Check if your site is Blacklisted by Google.
  4. Check if your account has been suspended by your hosting provider.

If you are sure that your site is hacked then you must take immediate steps to remove this malware. You may follow this guide to effectively remove WordPress spam from search results.

Also Read: Step-by-Step WordPress Malware Removal Guide

30,000 websites get hacked every single day. Are you next?

Secure your website from malware & hackers using Website Protection before it is too late.

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany