Recently, a dangerous vulnerability was found in the File Manager plugin for WordPress that allows…
Let me remind you that we also wrote that 1.2 million WordPress site owners were affected by the GoDaddy data breach.
Malicious code is injected into various files of compromised sites, databases, and core WordPress files, including ./wp-includes/js/jquery/jquery.min.js and ./wp-includes/js/jquery/jquery-mgrate.min.js. Essentially, the attackers are trying to put their own malicious code into any .js files with jQuery in the name. To avoid detection and hide their activity, hackers use CharCode.
Typically, these redirects lead to phishing pages, malware downloads, banner ads, or even more redirects. For example, an injection on a hacked site creates a new script element with the legendtable[.]com domain as the source. This domain refers to a second external domain – local[.]drakefollow[.]com – which refers to another, thereby creating a chain through which the visitor passes until he is redirected to some malicious resource.
Before reaching the final landing page, some visitors are taken to a fake CAPTCHA page that tries to trick them into signing up for push notifications from a malicious site.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…