More than 4,500 WordPress websites have been hacked through a Javascript injection campaign.  This campaign is believed to have been active since at least 2017. The malicious code from this operation is deployed through WordPress index.php Researchers claim that over 33,000 infected files were found on some of the compromised sites in the past two months. The campaign leads users to download a blocker extension that, in addition to the ad-blocking feature, has malicious code that infects the victims' devices. This malicious extension, named Crystal Blocker, has over 120,000 users across different browser platforms. Other tools, such as Raccoon Stealer, have also been tracked in this operation, showing that the threat actors behind it aim to steal passwords, cookies, autofill data, crypto wallet information, etc.