Security researchers are warning owners of Joomla and WordPress websites of a malicious redirect script that is pushing visitors to malicious websites. The rogue hypertext access (.htaccess) injector found on a client website is directing website traffic to malicious sites. It s unclear how attackers gained access to the websites, but once accessible, adversaries are able to plant code onto some of the websites index.php files. The.htaccess file is used to configure a host of web page options, ranging from website access, URL redirects.
Source: https://threatpost.com/joomla-and-wordpress-malicious-redirect-code/145068/