A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains.
Keylogger Spreads to New Domains
A few days after our keylogger post was released on Dec 8th, 2017, the Cloudflare[.]solutions domain was taken down.