Summary: The ‘DollyWay’ malware operation has targeted over 20,000 WordPress sites since 2016, evolving into a sophisticated redirection scam that generates millions of fraudulent impressions monthly. It employs complex tactics including dynamic script injection and auto-reinfection to maintain persistent control over compromised sites. GoDaddy researchers link various malware campaigns under the ‘DollyWay World Domination’ umbrella and emphasize a notable escalation in risk for affected organizations.
Affected: WordPress sites and their users
Keypoints:
- ‘DollyWay’ compromises WordPress sites through n-day vulnerabilities in plugins and themes, redirecting users to malicious web pages.
- The operation employs advanced evasion techniques, including persistent reinfection and an intricate Traffic Distribution System for targeted fraud.
- GoDaddy’s research indicates a unified threat actor behind multiple campaigns, with automated mechanisms that hinder detection and removal efforts.