From Fake Updates to Unwanted Redirects

At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates.

In the beginning of March, the attack evolved into redirecting site visitors to sketchy ad URLs.

In WordPress, the injected script is typically found at the bottom of footer.php files of the active theme. It still comprises of an “eval(function(p,a,c,k,e,d)…” obfuscated script and Histats code with the same 4214393 ID (which is now found on 1564 sites).

Denis Sinegubko

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

Related Tags

Hosting page templates causing your website ad campaign to be blocked

Cesar Anjos
May 22, 2019

It’s quite common that hosting providers have templates set for pages like 40x and 50x error pages but it’s uncommon for those templates to have…

Read the Post

X-Cart Skimmer with DOM Based Obfuscation

PrestaShop Skimmer Concealed in One Page Checkout Module

Matt Morrow
July 19, 2022

PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While…

Read the Post

Malicious Injection Redirects Traffic to Parked Domain for Ad Monetization

Malicious Injection Redirects Traffic via Parked Domain

Puja Srivastava
July 13, 2023

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The…

Read the Post

WordPress Vulnerability & Patch Roundup April 2023

Cesar Anjos
April 27, 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

AccessPress Themes Hit With Targeted Supply Chain Attack

Ben Martin
January 20, 2022

Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The…

Read the Post

malicious backdoor in image blog post header

Website Security

Malicious Backdoors: Fake Images and Strrev Functions

Samuel Odendaal
September 15, 2017

When a website is compromised, attackers frequently leave behind a backdoor – according to our research around 70% of all website hacks include a backdoor.…

Read the Post

Fake UpdraftPlus Plugins

Denis Sinegubko
October 17, 2019

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins…

Read the Post

SEO Spam Links in Nulled Plugins

Mohit Jawanjal
December 29, 2020

It’s not unusual to see website owners running things on a budget. Choosing a safe and reliable hosting company, buying a nice domain name, boosting…

Read the Post

Fake Instagram Verification & Twitter Badge Phishing

Luke Leal
August 9, 2022

Social media platforms like Instagram and Twitter offer verification badges as a credibility indicator to help show authenticity and integrity to visitors. To obtain a…

Read the Post

Social Warfare Vulnerability Probes

Denis Sinegubko
March 29, 2019

After a recent disclosure of the Social Warfare plugin vulnerability, we’ve seen massive attacks that inject malicious JavaScripts into the plugin options. The vulnerability has…

Read the Post

Related Tags

Related Categories

You May Also Like