Categories
Security

Unwanted “Shorte St” Ads in Unpatched Newspaper Theme

Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that the site owners never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites helped to investigate this case.

Shorte[.]st is a service that hijacks links, forcing visitors to view a page containing ads before they can visit the link they clicked on.

Continue reading Unwanted “Shorte St” Ads in Unpatched Newspaper Theme at Sucuri Blog.

Fake bb_press Plugin Redirects to Mobile Pornography

When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allow them to regain access if the original vulnerability is patched. This allows hackers to continue abusing the website and server resources.

One of the techniques they use is to add fake extensions that perform various malicious activities. In this note, we will give more details on an emerging malware campaign where attackers use a bogus WordPress plugin to trigger malicious redirects.

Continue reading Fake bb_press Plugin Redirects to Mobile Pornography at Sucuri Blog.

JavaScript Injections Leads to Tech Support Scam

During a recent malware investigation, we found some interesting obfuscated JavaScript code. This code poses as part of the popular AddThis social sharing plugin, using it in URL naming conventions and an image file.

The malware ultimately redirects website visitors to node.additionsnp[.]top, which hosts a tech support scam that can be dangerous to visitors. This malware campaign cleverly hides its tracks with several layers of obfuscation, making it difficult for webmasters to identify the hack.

Continue reading JavaScript Injections Leads to Tech Support Scam at Sucuri Blog.

Malicious Subdirectories Strike Again

In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products.

This time, attackers used a similar technique with a little bit more sophistication to achieve their goals.

Essay Spam Campaign

This technique is now being used to distribute essay spam targeted at students.

Continue reading Malicious Subdirectories Strike Again at Sucuri Blog.