Security researchers from Malwarebytes uncovered today a new trick used by malware distributors that rely on sneaky domain names that fool webmasters into malicious code that mysteriously appeared on their site is responsible for powering a social sharing button.
For this trick to work, attackers must first hack into the webmaster's website. Experts say they've seen this happen on a series of Joomla and WordPress installations, which doesn't surprise us since this happens quite a lot lately.
This malicious version of the so-called "social sharing analytics" code will redirect users through a series of intermediary points, eventually landing on a page hosting the Angler exploit kit. If the user is using an outdated browser or outdated browser plugins, Angler will execute malicious routines and deliver the Bedep click-fraud malware.