Multiple Ways to Inject the Same Tech Support Scam Malware

Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.

Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club.

At the time of this writing, PublicWWW finds the most common patterns of this malware on thousands of sites:

“var _0xfcc4=” – 8501 sites
“hotopponents.site/site.js” – 3636 sites

Database Injections

Multiple variations of the injected scripts have been found.

Continue reading Multiple Ways to Inject the Same Tech Support Scam Malware at Sucuri Blog.

Story added 23. October 2018, content source with full text you can find at link above.

Multiple Ways to Inject the Same Tech Support Scam Malware

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts