Data URLs and HTML Entities in New WordPress Malware
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.
Scripts as Data URLs
The first type looks pretty similar to what we discussed in our recent post.
However, instead of placing the code between the <script>…</script> tags, these injections have begun to embed them inline using a so called data URL notation in the src parameter.