A digital parasite has been silently feasting on WordPress sites since 2016. Named DollyWay—after its cheeky code string “define(DOLLY_WAY, World Domination)”—this malware campaign has compromised more than 20,000 websites globally. Not exactly subtle with those ambitions, are they?
The operation has evolved dramatically since its inception. What began as a typical malware distribution network has transformed into a sophisticated scam redirection system. Version 3 now specializes in shuffling unsuspecting visitors to fake dating sites, gambling platforms, and cryptocurrency scams. How generous of them to diversify our online experiences.
DollyWay’s infection method is both clever and frustrating. It targets vulnerabilities in WordPress plugins and themes, injecting malicious scripts through wp_enqueue_script. Once embedded, it analyzes web traffic using a Traffic Direction System, essentially playing air traffic controller for your browser—except instead of a safe landing, you’re headed for a crash.
The truly devious part? This digital cockroach reinfects sites with every page load. It spreads across active plugins like wildfire and installs hidden copies of legitimate plugins loaded with obfuscated malware. Hidden admin accounts with random 32-character names lurk in databases. Good luck finding those without diving into SQL.
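For that dive into SQL, here is an added detection sketch (not code from GoDaddy or from the malware) that lists administrator accounts whose login is exactly 32 characters. It assumes the default wp_ table prefix and reads "random 32-character" as 32 letters or digits; the in-memory SQLite rows are constructed sample data, and the same query can be run against the site's real MySQL database.

```python
import re
import sqlite3

# Default WordPress table prefix "wp_" is assumed; change it for custom prefixes.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.ID
"""

# Assumption: "random 32-character name" means exactly 32 letters or digits.
RANDOM_LOGIN = re.compile(r"[A-Za-z0-9]{32}")


def suspicious_admins(conn):
    """Return (ID, login, registered) for administrators whose login looks random."""
    rows = conn.execute(ADMIN_QUERY).fetchall()
    return [row for row in rows if RANDOM_LOGIN.fullmatch(row[1])]


def build_sample_db():
    """Constructed sample data mimicking wp_users / wp_usermeta (not real IoCs)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    admin = 'a:1:{s:13:"administrator";b:1;}'   # PHP-serialized role array
    subscriber = 'a:1:{s:10:"subscriber";b:1;}'
    users = [
        (1, "site_owner", "2019-03-01 10:00:00", admin),         # legitimate admin
        (2, "a1b2c3d4" * 4, "2024-11-20 02:13:37", admin),       # should be flagged
        (3, "0f9e8d7c" * 4, "2023-05-05 09:00:00", subscriber),  # random, not admin
    ]
    for uid, login, registered, caps in users:
        conn.execute("INSERT INTO wp_users VALUES (?, ?, ?)", (uid, login, registered))
        conn.execute("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)",
                     (uid, caps))
    return conn


if __name__ == "__main__":
    for row in suspicious_admins(build_sample_db()):
        print(row)
```

Any account this returns that the site owner did not create deserves a closer look; a legitimate administrator with a 32-character login would also match, so treat hits as leads rather than proof.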
These redirections generate around 10 million fraudulent impressions monthly. That’s a lot of unwanted detours to scamville. The final redirect only happens after user interaction—a clever evasion of passive security scans. Meanwhile, affiliate tracking guarantees the attackers get paid for every misdirection. Ka-ching!
GoDaddy researchers have shared indicators of compromise to help combat the threat, but removal remains challenging. The malware filters out bot users and logged-in admins, making detection even harder. It’s like playing whack-a-mole, except the mole has invisibility powers and multiplies when hit.
The battle continues. WordPress sites remain under siege by this persistent threat that’s proven as adaptable as it is annoying. Much like the infamous infostealer trojans that have compromised 10 million devices in 2023 alone, DollyWay represents a growing trend of sophisticated malware that can bypass traditional security measures.