We have all gotten used to clicking captchas in order to prove we are’nt robots. A new attack seems to trick website users by displaying reCAPTCHA-like images in order to “verify you’re not a robot”. But these elements are not captchas – they are browser notification opt-ins.
Thousands of WordPress websites have been infected according to a blog post published by Sucuri. According to them, the tagDiv Newspaper theme and the Ultimate Member plugin are the contributing to the infections.
Sites on the same hosting account could continue to be cross-site infected unless all websites are properly cleaned and hardened according to the Sucuri blog post.
Sucuri recommends all webmasters utilizing tagDiv’s Newspaper theme or the Ultimate Member Plugin update to the new versions as soon as possible.