MENU

Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

ACG-CYBER SECURITY BULLETIN NR 194: Beware of Pharma Hack 

Reference Number ACG-CSB 082420194

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

The Pharma Hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google, to return ads for pharmaceutical products along with legitimate listings. The hack can be difficult to detect because it does not affect the displayed pages of the compromised Web site or blog.

The purpose of the pharma hack is to make pharmaceutical sales sites they are promoting appear higher in Google results than they otherwise would. The Google search engine ranks the list of hits for a given Web site according to (among other factors) the number of external sites that link to it. By inserting the rogue code into an unsuspecting victim's site, the hack in effect links that site to the cracker's site. If done on a large enough scale, this tactic can result in the cracker's Web site showing up near the tops of various hit lists resulting from keyword-based searches.

When a hacker has access to your site, they can change its contents. In a pharma hack, hackers redirect visitors to their own websites, insert spam links, change the title of your pages, and even add new pages. Hackers infect WordPress websites cleverly with minimal disturbance so that their dirty business goes undetected for as long as it possibly can.

Victims of the pharma hack have reported decreased traffic to their sites and, in some cases, removal of their sites by Google from search result lists. Because Web site owners cannot readily see when they have been pharma hacked, the online reputation of a legitimate company or individual can be seriously damaged

RECOMMENDATION

   All PNP personnel as well as the public are advised to follow the tips in order to avoid the risk of Pharma Hack to wit:

  • Never use cracked versions of themes and plugins
  • Install and continuously update to the newest safety plug-ins
  • Update to the newest version of your CMS
  • Keep your site updated
  • Get a reliable hosting provider
  • Use strong credentials
  • Install a security plugin
  • Block unusual traffic to your webshop

For additional information, please refer to the following websites:

  • https://www.malcare.com/blog/what-is-pharma-hack-how-to-clean-it/#:~:text=In%20a%20pharma%20hack%2C%20hackers,long%20as%20it%20possibly%20can.
  • https://whatis.techtarget.com/definition/pharma-hack
  • https://www.clearhaus.com/blog/pharma-hacking/

POINT OF CONTACT

            Please contact PMAJ JOSEPH ARVIL L VILLARAN, Police Communication Relation officer thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.