When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Over the years, it also improved evasion, reinfection, and monetization strategies.
To compromise WordPress websites, DollyWays operators looked for n-day vulnerabilities in plugins and themes for the platform.
Image credit: Shutterstock
To check that attackers get paid per redirection, they used VexTrio and LosPollos networks.
It also wasnt redirecting any logged-in WordPress users, bots, and direct visitors who were coming without referrers.
It was also quite persistent, GoDaddy said, since reinfection would occur with every page load.
At first, GoDaddys researchers were under the impression that they were analyzing multiple groups and different campaigns.
