SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. rogueads.cookieconsent.1

rogueads.cookieconsent.1

Description:
Hijacked Cookie Consent plugin detected.

When the Cookie Consent plugin by Silktide stopped using Amazon CDN, someone hijacked their Amazon storage and began serving malicious scripts so that sites that still use old version of this plugin serve aunwanted ads and redirect mobile visitors instead of notifying new users about cookie use policy.

<!-- Begin Cookie Consent plugin by Silktide - http://silktide.com/cookieconsent -->
      <!-- cookie conset latest version -->
      <script type="text/javascript" src="hxxps://s3-eu-west-1.amazonaws[.]com/assets.cookieconsent.silktide​.com/current/plugin.min.js"></script>

The hxxps://s3-eu-west-1.amazonaws[.]com/assets.cookieconsent.silktide​.com/current/plugin.min.js script loads ads from s3-cdn[.]com/js2/get-js​.js and redirect mobile visitors to hxxp://get.​imobilecontent[.]tk/?utm_medium=​6a9d4be48f9dd74ece2547f9a7d3ed068107809c&utm_campaign=​aws_bb_2&1=

Affecting: Sites (mostly WordPress) with old versions of the Silktide Cookie Concent plugin

Cleanup: Remove the Cookie Consent plugin or update it to the latest version.