Malware campaign 'DollyWay' breached 20,000 WordPress sites

A malware operation dubbed 'DollyWay' has been underway since 2016, compromising over 20,000 WordPress sites globally to redirect users to malicious sites. The campaign has evolved significantly in the past eight years, leveraging advanced evasion, re-infection, and monetization strategies. According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in the past, it has distributed more harmful payloads like ransomware and banking trojans. "GoDaddy Security researchers have uncovered evidence linking multiple malware campaigns into a single, long-running operation we've named 'DollyWay World Domination'," explains a recent report by Godaddy. "While previously thought to be separate campaigns, our research reveals these attacks share common infrastructure, code patterns, and monetization methods - all appearing to be connected to a single, sophisticated threat actor. "The operation was n ... Read full article.