Fake Plugins with Popuplink.js Redirect to Scam Sites

Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either “index” or “wp_update”, and a malicious popuplink.js file.

Infected pages typically have these two scripts in the <head> section of the page.

<script type=’text/javascript’ src=’hxxps://<hacked-site>/wp-content/plugins/index/popuplink.js?ver=4.9.7′></script>

…

Continue reading Fake Plugins with Popuplink.js Redirect to Scam Sites at Sucuri Blog.

Read more: Fake Plugins with Popuplink.js Redirect to Scam Sites