For nearly a decade, a malware campaign dubbed DollyWay has silently compromised over 20,000 WordPress websites, evolving from a ransomware and banking trojan distributor to a sophisticated scam redirection network. Researchers at GoDaddy have now uncovered the full scale of this operation, which generates 10 million fraudulent ad impressions per month by redirecting site visitors to fake crypto, gambling, and dating scams.
In this episode, we break down:
🔹 How DollyWay exploits WordPress plugin vulnerabilities to gain access
🔹 Its multi-stage redirection system that filters traffic and evades detection
🔹 Advanced persistence mechanisms, including hidden admin accounts and automatic re-infection
🔹 The monetization strategy through networks like VexTrio and LosPollos
🔹 Why removing DollyWay is extremely difficult—and what website owners can do to protect themselves
With WordPress powering over 40% of the web, this campaign is a wake-up call for website administrators everywhere. Tune in as we dissect the inner workings of DollyWay and provide actionable security tips to keep your site safe.
4o