Security researchers have come across a new .htaccess code injection that is being used in sites managed by content management systems (CMS) such as Joomla and WordPress. According to researchers from Sucuri, the injection spreads all over the site and affects all related .htaccess files. It then redirects users to a malicious advertisement site http[:]//portal-f[.]pw/XcTyTp.
The .htaccess file is a configuration file which is used on web servers running the Apache Web Server software.
Worth noting
What is the motive behind this?
This code injection technique is possibly used to carry out phishing campaigns by exploiting redirects. “While the majority of web applications make use of redirects, these features are also commonly used by bad actors to generate advertising impressions, send unsuspecting site visitors to phishing sites, or other malicious web pages,” the Sucuri researchers suggest.
To stay safe from this, website owners who use Joomla and WordPress are advised to check for code injections and malicious redirects in their pages.
Publisher