Multiple Ways to Inject the Same Tech Support Scam Malware
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.
Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club.
At the time of this writing, PublicWWW finds the most common patterns of this malware on thousands of sites:
- “var _0xfcc4=” – 8501 sites
- “hotopponents.site/site.js” – 3636 sites
Database Injections
Multiple variations of the injected scripts have been found.
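The following is an added example, not code from the original post: one way to check exported WordPress database rows for the two indicators named above (scripts loaded from the campaign domains, and the `var _0xfcc4=` obfuscation marker). The function names, the row format, and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators taken from the post; everything else here is constructed.
CAMPAIGN_DOMAINS = {"hotopponents.site", "learningtoolkit.club"}
OBFUSCATION_MARKER = "var _0xfcc4="

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(src)

def is_campaign_host(url):
    # urlparse only fills in hostname when a scheme or "//" prefix is present.
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    # Exact match or true subdomain, so look-alike hosts are not flagged.
    return any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

def scan_rows(rows):
    """rows: iterable of (table, row_id, content). Returns a list of findings."""
    findings = []
    for table, row_id, content in rows:
        parser = ScriptSrcCollector()
        parser.feed(content)
        parser.close()
        for src in parser.srcs:
            if is_campaign_host(src):
                findings.append((table, row_id, "script-src", src))
        # The marker can sit outside a <script> tag, so check the raw text.
        if OBFUSCATION_MARKER in content:
            findings.append((table, row_id, "obfuscated-js", OBFUSCATION_MARKER))
    return findings

# Constructed sample rows standing in for a wp_posts / wp_options export.
SAMPLE_ROWS = [
    ("wp_posts", 101, '<p>Hi</p><script src="https://hotopponents.site/site.js"></script>'),
    ("wp_posts", 102, '<script src="/wp-includes/js/jquery.js"></script>'),
    ("wp_options", 7, '<script>var _0xfcc4=["constructed"];</script>'),
    ("wp_posts", 103, '<script src="https://hotopponents.site.example.com/a.js"></script>'),
    ("wp_posts", 104, '<script src="//learningtoolkit.club/constructed.js"></script>'),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

Matching on the parsed hostname rather than a substring keeps legitimate content that merely mentions the domains, or hosts that only embed them, out of the results.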
Continue reading Multiple Ways to Inject the Same Tech Support Scam Malware at Sucuri Blog.