Sucuri researchers found a piece of malicious PHP code targeting a Joomla site. It was used to inject malicious redirects through the site's .htaccess files.
The code first searches for a .htaccess file and, if it finds one, injects redirects into it.
After a successful injection, a second, longer piece of PHP code runs and searches extensively through all the source files and folders.
What is the motive behind this?
This code injection technique is possibly used to carry out phishing campaigns by exploiting redirects. “While the majority of web applications make use of redirects, these features are also commonly used by bad actors to generate advertising impressions, send unsuspecting site visitors to phishing sites, or other malicious web pages,” the Sucuri researchers suggest.
To stay safe from this, website owners who use Joomla and WordPress are advised to check for code injections and malicious redirects in their pages.
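One way to run the redirect check advised above, as an added example that is not from Sucuri's report: it walks a web root, reads every .htaccess file, and reports redirect directives whose target host is not on the site's allowlist. The function names, the allowlist and the sample rules and hostnames are constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
REDIRECT_DIRECTIVE = re.compile(
    r"^\s*(RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\b(.*)$",
    re.IGNORECASE,
)
ABSOLUTE_URL = re.compile(r"https?://[^\s\"'\[\]]+", re.IGNORECASE)


def external_redirects(text, allowed_hosts):
    """Return (line_no, directive, host) for redirects to hosts not in allowed_hosts."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = REDIRECT_DIRECTIVE.match(line)
        if not match:
            continue  # comments and unrelated directives are skipped
        for url in ABSOLUTE_URL.findall(match.group(2)):
            host = (urlparse(url).hostname or "").lower()
            if host and host not in allowed_hosts:
                findings.append((line_no, match.group(1), host))
    return findings


def scan_webroot(root, allowed_hosts):
    """Check every .htaccess under root, including those in subfolders."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(folder, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as handle:
                hits = external_redirects(handle.read(), allowed_hosts)
            if hits:
                report[path] = hits
    return report


# Constructed sample: ordinary rules plus one redirect to an unknown host.
SAMPLE = """\
RewriteEngine On
# RewriteRule ^old$ http://commented.example/ [R]
RewriteRule ^index\\.php$ - [L]
RewriteRule ^(.*)$ http://redirect.example.net/in.php?q=$1 [R=302,L]
ErrorDocument 404 https://www.example.org/404.html
"""

if __name__ == "__main__":
    for hit in external_redirects(SAMPLE, {"www.example.org"}):
        print(hit)
```

Run `scan_webroot` against the site's document root with the site's own hostnames in the allowlist. The check covers only absolute http(s) targets in these directives, so a clean result does not rule out injected code elsewhere in the PHP sources.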