Multiple Ways to Inject the Same Tech Support Scam Malware

Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.

Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club.

At the time of this writing, PublicWWW finds the most common patterns of this malware on thousands of sites:

  • “var _0xfcc4=” – 8501 sites
  • “hotopponents.site/site.js” – 3636 sites
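
To check a page's HTML or a database field such as post content for the indicators above, the following added example (not code from the original article; the function and class names and the sample markup are constructed for illustration) flags external scripts hosted on the two domains and inline scripts containing the `var _0xfcc4=` marker:

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators named in the article (domains written without the [.] defanging).
CAMPAIGN_DOMAINS = ("hotopponents.site", "learningtoolkit.club")
OBFUSCATION_MARKER = "var _0xfcc4="
# Constructed sample: a benign script, an external injection, an inline marker.
SAMPLE = """<script src="/wp-includes/js/jquery/jquery.js"></script>
<script type='text/javascript' src='//hotopponents.site/site.js'></script>
<script>var _0xfcc4=["constructed placeholder"];</script>"""

def is_campaign_host(src):
    """True if a script src points at a campaign domain or a subdomain of one."""
    try:
        host = (urlsplit(src.strip()).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL
        return False
    return any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

class ScriptAudit(HTMLParser):
    """Records <script> elements that match the indicators (hypothetical helper)."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (kind, detail) tuples
        self._inline = None  # text chunks of the currently open <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._inline = []
            src = dict(attrs).get("src") or ""
            if is_campaign_host(src):
                self.findings.append(("external-script", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)  # script bodies can arrive in several chunks

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            if OBFUSCATION_MARKER in "".join(self._inline):
                self.findings.append(("inline-marker", OBFUSCATION_MARKER))
            self._inline = None

def audit_html(html):
    """Return findings for one page or one database field (e.g. post content)."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Matching on the parsed hostname rather than a substring avoids flagging look-alike hosts, and the marker is only reported when it appears inside a script element, not in ordinary page text.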

Database Injections

Multiple variations of the injected scripts have been found.

Continue reading Multiple Ways to Inject the Same Tech Support Scam Malware at Sucuri Blog.

Via Sucuri.net
