Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to…
Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection…
We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden…
Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…
Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…