Cybercriminals Hijack Google AdSense on WordPress Websites
- Cybercriminals are leveraging trusted platforms like Google AdSense and Google Tag Manager to compromise websites.
- Hackers injected fake Google AdSense codes to exploit site resources and siphon ad revenue.
- The injected code was identified in multiple areas of WordPress websites.
A new wave of cyberattacks has targeted WordPress websites. Malicious actors are injecting unauthorized JavaScript into WordPress files to display their own ads, redirecting revenue to attacker-controlled AdSense accounts.
Hackers are leveraging trusted platforms such as Google AdSense, an advertising service that allows publishers to display targeted ads for revenue, according to a report by website security firm Sucuri.
Researchers identified distinct AdSense IDs used by attackers, including "pub-9649546719576241" and "pub-7310257338111337."
To ensure persistence, injected code was identified in multiple areas of WordPress sites, such as the functions.php file, the wp_options database table, and within plugin directories.
The attack modifies critical files like ads.txt, ensuring continuity even if infected files are detected and removed. The attackers also employ JavaScript to dynamically inject Google advertisements during user interactions with the site, further complicating removal efforts.
At least 17 affected sites have been confirmed with these unauthorized AdSense codes, according to a public tracking database. Since these injections exploit trusted ad platforms, many website owners remain unaware of the malicious activity taking place on their websites.
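A defender-side check for the injection points described above, as an added example that is not from Sucuri's report or the original article: it scans a WordPress tree for AdSense publisher IDs that are not on the site owner's allowlist, covering ads.txt, functions.php and plugin files. The owner ID, file names and sample content are constructed, and reading wp_options through a SQL dump saved as a .sql file is an assumption; the two reported IDs are the ones quoted in the article.

```python
import re
import tempfile
from pathlib import Path

# Publisher IDs the article attributes to the attackers.
REPORTED_IDS = {"pub-9649546719576241", "pub-7310257338111337"}
# AdSense publisher IDs: "pub-" plus 16 digits (ad code prefixes them with "ca-").
PUB_ID = re.compile(r"pub-\d{16}")
# File types worth reading; ".sql" covers a dump of wp_options (assumption).
SCAN_SUFFIXES = {".php", ".js", ".html", ".txt", ".sql"}


def scan_text(text, allowed):
    """Map each publisher ID not in `allowed` to 'reported' or 'unknown'."""
    found = set(PUB_ID.findall(text)) - set(allowed)
    return {p: "reported" if p in REPORTED_IDS else "unknown" for p in found}


def scan_site(root, allowed):
    """Walk a WordPress tree; return {relative_path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            if hits := scan_text(path.read_text(errors="replace"), allowed):
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Build a constructed sample site and scan it (all content is made up)."""
    owner = "pub-1111111111111111"  # hypothetical ID of the legitimate owner
    files = {
        "ads.txt": f"google.com, {owner}, DIRECT, f08c47fec0942fa0\n"
                   "google.com, pub-9649546719576241, DIRECT, f08c47fec0942fa0\n",
        "wp-content/themes/sample/functions.php":
            "<?php echo '<script data-ad-client=\"ca-pub-7310257338111337\"></script>';",
        "wp-content/plugins/sample/ad.js": "var client = 'ca-pub-2222222222222222';",
        "index.php": f"<?php // ca-{owner} ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_site(root, {owner})


if __name__ == "__main__":
    print(demo())
```

The match is on plain text only, so an ID that is encoded or assembled at runtime by injected JavaScript will not be found; a clean result is one signal, not proof.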
While the exact method of compromise varies, Sucuri’s analysis highlights several likely entry points:
- Admin Credential Compromise: Access via stolen or weak administrative credentials.
- Outdated Plugins and Themes: Exploiting vulnerabilities in unpatched or obsolete website components.
- Weak File Permissions: Misconfigured file permissions allowing unauthorized modifications.
In other news, attackers were observed manipulating Google Tag Manager’s capabilities for malicious purposes, disguising malware as a legitimate script on a Magento-based eCommerce website, and ultimately exfiltrating checkout data, including payment card details.








