Recently, a new variation of this type of infection has emerged. The new campaign uses trafficanalytics[.]online as the source for the injected script. Although it appears to be simple, the damage to a website can be devastating – RealStatistics was known for spreading ransomware on both WordPress and Joomla sites.
Malicious TrafficAnalytics on WordPress
Currently, we are seeing a large number of WordPress websites being infected. The infection is often found within the wp_posts table or the header.php file.
The final destination of this redirect chain is currently blacklisted by Microsoft: