Some of the malicious domains include gotosecond2[.]com, adsformarket[.]com, admarketlocation[.]com, and admarketresearch[.]xyz.
“We encourage website owners to disable the modification of primary folders to block hackers from inserting malicious files or includes as part of WordPress security hardening and security best practices,” said Sucuri.
Researchers also observed threat actors abusing /wp-admin/ features to create fake plugin directories that contain further malware.
The team added that the threat actors are expected to continue to register new domains or use existing unused domains as more security vendors blacklist malicious domains.
At the time of writing, the Sucuri research team discovered over 2,000 newly infected WordPress sites.