Tag: Hacked Websites

  • Hackers Change WordPress Siteurl to Pastebin

    Hackers Change WordPress Siteurl to Pastebin

    Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn’t work and the infection simply broke the compromised sites. Our SiteCheck scanner […]

  • Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability

    Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability

    We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for WordPress (with 100,000+ active installations). The new General Data Protection Regulation (GDPR) laws in the EU have made…

  • Saskmade[.]net Redirects

    Saskmade[.]net Redirects

    Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack. The general idea of the malware is the same, but the domain name and obfuscation has changed slightly. For…

  • Multiple Ways to Inject the Same Tech Support Scam Malware

    Multiple Ways to Inject the Same Tech Support Scam Malware

    Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club. At the time of this writing, PublicWWW finds the most common patterns…