The Independent’s blog is one of dozens of Wordpress-operated websites that have been hacked and are performing malicious redirections, without their webmaster’s knowledge.
By injecting stowaway code, criminals are able to redirect readers an Angler Exploit Kit, which helps criminals take full control of a user's system and infiltrate their personal and financial details.
The code is tricky to discover due to its conditional nature – and it may only be present in some browsers like Internet Explorer rather than Chrome, for example.
Following a compromise, readers of the Independent’s blog will see Flash load on the front-end. This is because hackers have injected rapidly changing URLs using randomly generated subdomains, hosting the Flash application.
By traffic filtering using the same ActionScript code base, the criminals can take over full control of a website user’s system and mine for valuable information.
The Independent’s blog is running on an old version of WordPress, according to SiteCheck (a resource from web security company Sucuri).
But the popular news site's vulnerability is part of a larger trend. Security firm Malwarebytes first spotted the ‘Flash EITest’ malware campaign last year, and says the hackers have become more prevalent in recent months.
The firm contacted The Independent, who have not responded.
Those using WordPress are advised to keep their website and its CMS updated, use strong passwords and remember that malicious injected code is one small symptom of larger attacks.
“It’s important to identify backdoors, .htaccess modifications as well as the original entry point by looking at your error and access blogs,” MalwareByte's Jerome Segura will state in a blog seen exclusively by Techworld.
Online daters in the UK were also targeted by a malware campaign on dating site Match.com earlier this year.
Find your next job with techworld jobs