Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

WordPress malicious JavaScript redirect campaign

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

The WordPress compromise campaign is turning site visits into a malware delivery path, redirecting users to ClickFix-style pages and fake Cloudflare verification screens. Attackers injected malicious JavaScript through functions.php and used remote loaders on brazilc[.]com and porsasystem[.]com to serve the payload. The activity matters because it reaches normal visitors through trusted websites and can hand them off to malware pages. It also hides behind legitimate-looking ads and browser-challenge branding to reduce suspicion.

Related Happenings

WordPress malware hides C2 data in Steam Community comments

Malware Activity
First: 01.06.2026 20:04 Last: 01.06.2026 20:04 Sources 1

About this happening: A **WordPress malware** operation has been uncovered on **approximately 1,980 websites**, raising the risk of hidden **command-and-control (C2)** traffic and persistent page injec...

Open Happening

WordPress malware campaign using Steam profile C2 concealment

Campaign
First: 01.06.2026 20:04 Last: 01.06.2026 20:04 Sources 1

About this happening: A **WordPress malware campaign** has infected about **1,980 websites** since **July 2025**, and it hides **command-and-control (C2) data** in **Steam Community profile comments**...

Open Happening

Venom Stealer MaaS continuous credential theft and exfiltration

Malware Activity
First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...

Open Happening

FAUX#ELEVATE phishing campaign targeting French-speaking corporate environments

Campaign
First: 24.03.2026 18:35 Last: 24.03.2026 18:35 Sources 1

About this happening: The **FAUX#ELEVATE** phishing campaign is actively targeting **French-speaking corporate environments** with **fake resume/CV lures** that deliver malware for **credential theft**...

Open Happening

ClickFix MacSync social-engineering campaign targeting macOS users

Campaign
First: 16.03.2026 13:41 Last: 16.03.2026 13:41 Sources 1

About this happening: A **ClickFix** campaign is using **fake Cloudflare CAPTCHA verification challenges**, **embedded video tutorials**, and **automatic OS detection** to trick victims into pasting an...

Open Happening

Timeline

  1. 08.10.2025 19:43 1 articles · 7mo ago

    Compromised WordPress sites redirect visitors to ClickFix pages

    Exploitation Observed

    Users visiting compromised sites on September 19, 2025 were sent through an infection chain that executed `porsasystem[.]com/6m9x.js`, then `porsasystem[.]com/js.php`, and then directed victims to ClickFix-style pages for malware delivery.

    Show sources
    Open in new tab
  2. 08.10.2025 19:43 2 articles · 7mo ago

    Sucuri analyzes malicious WordPress JavaScript loader

    Technical Analysis Update

    On October 8, 2025, Sucuri investigators found a compromised WordPress site serving suspicious third-party JavaScript after attackers modified `functions.php`; the loader sent HTTP POST requests to `brazilc[.]com`, which returned code that loaded `porsasystem[.]com` and a hidden 1x1 pixel iframe mimicking Cloudflare challenge assets such as `cdn-cgi/challenge-platform/scripts/jsd/main.js` to redirect site visitors.

    Show sources
    Open in new tab