After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one:

Massive #Drupal infection that redirects to “Tech Support” scam via “js.localstorage[.]tk” https://t.co/30ZeLIyfza pic.twitter.com/ZCPMepM74k

— Denis (@unmaskparasites) April 24, 2018

… with over a thousand compromised sites that redirect visitors to “Tech support” scam pages.

Malicious Injections

The infected pages contain the following JavaScript code, which is injected into various .tpl.php, .html.twig and .js files.

Continue reading Massive localstorage[.]tk Drupal Infection at Sucuri Blog.

Via Sucuri.net