Research Saturday 3.25.23
Ep 274 | 3.25.23

Popunders are not the good kind of ads.

Show Notes

On this episode, Jérôme Segura, senior threat researcher at Malwarebytes, shares his team's work, "WordPress sites backdoored with ad fraud plugin." WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues.

The Malwarebytes team discovered a few dozen WordPress blogs using the same plugin that mimics human activity by automatically scrolling a page and following links within it, all the while a number of ads were being loaded and refreshed. The blogs would only exhibit this invalid traffic behavior when launched from a specific URL created by this plugin, otherwise they appeared completely legitimate.

The research can be found here: