Cybercriminals Hijack Google AdSense on WordPress Websites

Published on April 16, 2025
Written by: Lore Apostol, Cybersecurity & Streaming Writer

A new wave of cyberattacks has targeted WordPress websites. Malicious actors are injecting unauthorized JavaScript into WordPress files to display their own ads, redirecting revenue to attacker-controlled AdSense accounts.

Hackers are leveraging trusted platforms such as Google AdSense, an advertising service that allows publishers to display targeted ads for revenue, according to a report by website security firm Sucuri.

Researchers identified distinct AdSense IDs used by attackers, including "pub-9649546719576241" and "pub-7310257338111337".

Hackers’ AdSense ad example | Source: Sucuri

To ensure persistence, injected code was identified in multiple areas of WordPress sites, such as the functions.php file, the wp_options database table, and within plugin directories.

AdSense ad example | Source: Sucuri

The attack modifies critical files like ads.txt, ensuring continuity even if infected files are detected and removed. The attackers also employ JavaScript to dynamically inject Google advertisements during user interactions with the site, further complicating removal efforts.
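
The persistence locations described above suggest a simple audit: flag every AdSense publisher ID in the site tree that is not the owner's. The following is an added example, not code from Sucuri or from this article. The owner ID `pub-1111111111111111`, the sample file contents and the idea of scanning an exported `.sql` dump to cover `wp_options` are assumptions; the two flagged IDs are the ones named in the report.

```python
import re
import tempfile
from pathlib import Path

# AdSense publisher IDs look like "pub-<16 digits>", often prefixed "ca-" in ad tags.
PUB_ID = re.compile(r"\b(?:ca-)?(pub-\d{16})\b")
SCAN_SUFFIXES = {".php", ".js", ".html", ".txt", ".sql"}  # .sql: exported wp_options dump (assumption)

def find_foreign_adsense(root, own_ids):
    """Return sorted (relative_path, line_no, pub_id) for every ID not in own_ids."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for pub_id in PUB_ID.findall(line):
                if pub_id not in own_ids:
                    hits.append((path.relative_to(root).as_posix(), line_no, pub_id))
    return sorted(hits)

def build_sample_site(root):
    """Constructed sample tree; file contents are illustrative, not taken from the report."""
    root = Path(root)
    theme = root / "wp-content/themes/example"
    theme.mkdir(parents=True)
    (root / "ads.txt").write_text(
        "google.com, pub-1111111111111111, DIRECT, f08c47fec0942fa0\n"
        "google.com, pub-9649546719576241, DIRECT, f08c47fec0942fa0\n")
    (theme / "functions.php").write_text(
        "<?php\n// theme setup\n"
        "echo '<ins class=\"adsbygoogle\" data-ad-client=\"ca-pub-7310257338111337\"></ins>';\n")
    (theme / "header.php").write_text(
        "<script data-ad-client=\"ca-pub-1111111111111111\"></script>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, line_no, pub_id in find_foreign_adsense(site, {"pub-1111111111111111"}):
            print(f"{rel}:{line_no}: unexpected AdSense publisher {pub_id}")
```

An allowlist of the owner's IDs is used rather than a blocklist of the reported ones, so a rotated attacker ID is still flagged.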

At least 17 affected sites have been confirmed with these unauthorized AdSense codes, according to a public tracking database. Since these injections exploit trusted ad platforms, many website owners remain unaware of the malicious activity taking place on their websites.

While the exact method of compromise varies, Sucuri’s analysis highlights several likely entry points:

In other news, attackers were observed manipulating Google Tag Manager’s capabilities for malicious purposes, hiding malware as a legitimate script on a Magento-based eCommerce website, and ultimately exfiltrating checkout data, including payment card details.

