Global CyberSecurity

Legacy Mauthtoken Malware Continues to Redirect Mobile Users


During malware analysis, we regularly find variations of this injected script on various compromised websites: .

The variable _0x446d holds an array of hex-encoded strings. Converting those strings to their ASCII representation gives the following code:

var _0x446d=["_mauthtoken","indexOf","cookie","userAgent","vendor","opera","hxxps://zeep.ly/ev4Va","googlebot","test","substr","getTime","_mauthtoken=1; path=/;expires=","toUTCString","location"];

In this array, you can find a “shortened” redirect URL: hxxps://zeep[.]ly/ev4Va.
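The decoding step described above can be done statically, without executing the sample. The following is an added example, not code from the original article or from Sucuri: the function names are hypothetical, and the hex-encoded input is constructed by re-encoding the decoded strings listed above.

```javascript
// Added example: static decoding only; the sample is never eval()'d.
// Constructed sample: the decoded strings shown in the article, re-encoded as
// \xNN escapes because the original injected script is not reproduced here.
const SAMPLE_STRINGS = [
  "_mauthtoken", "indexOf", "cookie", "userAgent", "vendor", "opera",
  "hxxps://zeep.ly/ev4Va", "googlebot", "test", "substr", "getTime",
  "_mauthtoken=1; path=/;expires=", "toUTCString", "location",
];
const toHexEscapes = (s) => [...s]
  .map((c) => "\\x" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0"))
  .join("");
const SAMPLE_SOURCE = "var _0x446d=[" +
  SAMPLE_STRINGS.map((s) => '"' + toHexEscapes(s) + '"').join(",") + "];";

// Turn \xNN and \uNNNN escapes in a string-literal body back into characters.
function decodeEscapes(body) {
  return body.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g,
    (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Find `var _0xNNNN=[...]` string tables and decode every literal in them.
// Limitation: assumes no unescaped "]" inside the literals (true for \xNN tables).
function extractStringArrays(source) {
  const tables = [];
  for (const m of source.matchAll(/var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[([^\]]*)\]/g)) {
    const literals = m[2].matchAll(/"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/g);
    tables.push({ name: m[1], strings: [...literals].map((l) => decodeEscapes(l[1] ?? l[2])) });
  }
  return tables;
}

// Pull out what an analyst needs first: redirect URLs (defanged) and cookie writes.
function triage(strings) {
  const defang = (u) => u.replace(/^http/i, "hxxp")
    .replace(/^(\w+:\/\/)([^\/]+)/, (_, scheme, host) => scheme + host.replace(/\./g, "[.]"));
  return {
    urls: strings.filter((s) => /^h(tt|xx)ps?:\/\//i.test(s)).map(defang),
    cookieWrites: strings.filter((s) => /^[\w-]+=[^;]*;.*\b(path|expires)=/i.test(s)),
  };
}

for (const t of extractStringArrays(SAMPLE_SOURCE)) {
  console.log(t.name, t.strings, triage(t.strings));
}
```

The cookie write and the redirect URL surfaced by `triage` are the two strings worth searching for in site files and proxy logs.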

Continue reading Legacy Mauthtoken Malware Continues to Redirect Mobile Users at Sucuri Blog.
