WordPress Targeted with Clever SEO Injection Malware

A clever malware built for SEO injection – where a black hat loads up a webpage with spammy links, redirects and ad keywords, unbeknownst to the site owner – has been seen evading detection with an innovative approach that involves appending itself in an unusual place in the back-end code of a WordPress site.

Upon analysis, the researchers discovered that the malware has two functions. First, it can add hidden links for indexing by search engines (a process that usually violates search engine terms of service and could result in blacklisting of the site); and secondly, it can redirect site visitors to spam content.

“Infections are usually found via a simple file search for the terms attackers inject on the page,” the researchers explained in a Monday posting.
 https://threatpost.com/wordpress-seo-injection-malware/140055/