Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either “index” or “wp_update”, and a malicious popuplink.js file.
Infected pages typically have these two scripts in the section of the page.
<script type='text/javascript' src='hxxps:///wp-content/plugins/index/popuplink.js?ver=4.9.7′>
…
Continue reading Fake Plugins with Popuplink.js Redirect to Scam Sites at Sucuri Blog.