Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selling luxury goods. Most of the time this involves injecting hundreds of spam links into the site’s database but in this case a deceptive, fake plugin called mobile-shortcuts was able to be a bit more discreet. Below I go over the process by which this SEO spam injection was uncovered and identified.
Site (SEO Spam) Unseen
Recently I came across a website displaying a (BlackHat) SEO spam warning – pretty typical in terms of what we see day to day:
Our first analysis of the site cleared quite a few backdoors and a few known hack tools but, even so, this SEO spam persisted.