WordPress sites backdoored with ad fraud plugin

18 February 2023
About 50 WordPress blogs have been backdoored with a plugin called fuser-master. This plugin is being triggered via popunder traffic from a large ad network. The WordPress sites are loaded on a separate page underneath and display a number of ads.