Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: rogueads.cookieconsent.1

Description: Hijacked Cookie Consent plugin detected.

When the Cookie Consent plugin by Silktide stopped using Amazon CDN, someone hijacked their Amazon storage and began serving malicious scripts so that sites that still use old version of this plugin serve aunwanted ads and redirect mobile visitors instead of notifying new users about cookie use policy.

<!-- Begin Cookie Consent plugin by Silktide - http://silktide.com/cookieconsent -->
      <!-- cookie conset latest version -->
      <script type="text/javascript" src="hxxps://s3-eu-west-1.amazonaws[.]com/assets.cookieconsent.silktide​.com/current/plugin.min.js"></script>

The hxxps://s3-eu-west-1.amazonaws[.]com/assets.cookieconsent.silktide​.com/current/plugin.min.js script loads ads from s3-cdn[.]com/js2/get-js​.js and redirect mobile visitors to hxxp://get.​imobilecontent[.]tk/?utm_medium=​6a9d4be48f9dd74ece2547f9a7d3ed068107809c&utm_campaign=​aws_bb_2&1=



Affecting: Sites (mostly WordPress) with old versions of the Silktide Cookie Concent plugin

Cleanup: Remove the Cookie Consent plugin or update it to the latest version.


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb