Mal.Metrica Malware Exploits WordPress Vulnerabilities: 17,000+ Sites Hit

Beware of that seemingly harmless “Verify that you are a human” pop-up window the next time you browse the web. A new strain of the notorious Mal.Metrica malware campaign is exploiting this common security check to redirect unsuspecting users to malicious and scam-filled websites.

Security analyst Ben Martin at Sucuri recently revealed this insidious new tactic. It starts when you visit a website infected with the Mal.Metrica malware. You’re suddenly presented with a human verification prompt – an increasingly normal sight on today’s internet. Many of us have become so accustomed to proving our humanity to CAPTCHA tests that we might click without a second thought.

Fake Verification – Real Redirection

Image: Sucuri

This is where the deception lies. The verification prompt is a clever disguise – a simple image overlay that masks an automatic redirect to malicious domains like rapid.tmediacontent[.]com. Once clicked, you’re plunged into a tangled web of scams, fake software downloads, and even attempts to steal your personal information.

Martin’s analysis sheds light on this scam, linking it to the infamous Mal.Metrica campaign. These threat actors have a history of exploiting WordPress vulnerabilities and injecting malicious code. In this case, they targeted a weakness in the popular “Responsive” WordPress theme to sneak in the deceptive redirect code.

What is Mal.Metrica?

Image: Sucuri

Mal.Metrica preys on recently disclosed vulnerabilities in WordPress components such as the tagDiv Composer and WP Go Maps. These security gaps allow unauthorized script injections, transforming ordinary websites into gateways for malware distribution. To date, a staggering 17,449 websites have fallen victim to this scheme in 2024 alone.

From Fake Captcha to Phishing Scams

But what happens once you take the bait and initiate the redirect? Your journey could lead to a dizzying array of dangers:

• Phishing Websites: Pages designed to trick you into entering credit card details or login credentials.
• Fake Software: Downloads of rogue antivirus programs that often contain more malware.
• Cryptocurrency Scams: Bogus sites promising quick riches.
• Browser Notification Spam: Pop-ups that lead to more shady websites and potentially harmful content.

Protect Yourself – Patch and Be Vigilant

The best defense against this Mal.Metrica evolution is a combination of vigilance and software upkeep:

• Patch and Update: Keep WordPress, plugins, and themes updated to close known security holes.
• Web Application Firewalls: Add an extra layer of protection with a WAF that can block exploit attempts.
• Think Before You Click: Be suspicious of unexpected pop-ups and prompts, even on seemingly trustworthy sites. If it looks too good to be true, it probably is.