An estimated 20,000 legitimate websites that use Apache server software have been compromised in an attack campaign known as “Darkleech” The campaign uses the sites to launch drive-by malware attacks against visitors. The Darkleech campaign is widespread and has infected sites around the world — from Cyprus and Denmark to Italy and Thailand. The campaign’s real-time attack techniques, coupled with attackers’ root-level access to compromised Apache servers, could make eradicating the campaign quite difficult. The attacks do have a recognizable signature, and a search string can be used to identify some of them.”]
Source: https://www.darkreading.com/attacks-breaches/darkleech-attacks-hit-20-000-websites