Description:
Detected spammy posts related to the online movie streaming and downloading scam.
In March of 2017 such posts had been created as a result of exploitation of security holes in WordPress (version 4.7 and 4.7.1) REST API.
The spammy posts have screenshots from movies and buttons that invite to watch them. Here's a typycal sample of the HTML code of the links they use:
<a href="hxxps://moviefake[.]com/en/watchmovies/978857/Fifty-Shades-Darker-2017.html"><img src="hxxps://image.tmdb.org/t/p/w650_and_h365_bestv2/sBGpgqHeuVe8xLzu7ReibjdnBxf.jpg" /></a> <a rel="dofollow" href="hxxp://boxoffice76[.]com/movie/573067/the-transporter-refueled-2015.html" title="Also you can download Movie The Transporter Refueled (2015)" style="font-size:1px">Watch movie online The Transporter Refueled (2015)</a>
Affecting: WordPress sites that were not quick enough to upgrade to version 4.7.2 in February of 2017.
Cleanup: Delete spammy posts. Upgrade WordPress to the latest version.
For more information read: SEO Spam Campaign Exploiting WordPress REST API Vulnerability