The attack consists of a malicious script injected within compromised WordPress sites that launches another URL whose final purpose is to load the Angler exploit kit.
Speaking exclusively to TechWorld, Malwarebytes said the breach is based around shortened Google URLs «which the hacking team use to install an Angler exploit kit to plant Bedep ad fraud Trojans through adverts on the site.»