If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirects hidden within the badge’s code.
We were analyzing a website that was compromised and redirecting visitors to bogus apps on the Apple App Store and the Google Play Store. The website looked clean, but the redirect kept happening for mobile users. Upon further inspection, we found out that the Webutation safety badge was responsible for the redirect.
Security Badge Causing Mobile Redirects
This is what the badge code looks like for mobile users:
You can see the last 2 lines added causing the redirect:
That opens up the popOL.php URL that loads an affiliate URL from mobitrk.com, which them pushes to the bogus apps:
Difficult to Diagnose
The malware also uses a cookie to prevent multiple redirects on the same browser, making it hard for webmasters to detect the problem.
Again, if you are using Webutation, remove the badge from your site now, at least until they get the issue fixed. We will continue to monitor the issue and provide updates when we know more.