• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
Labs Note

Fake Wp.org/jquery.js

October 30, 2018Denis Sinegubko

0
SHARES
FacebookTwitterSubscribe

There is a long-lasting malware campaign (dating back to at least 2016) that injects fake jQuery scripts:

<script type="text/javascript" src="hxxps://www.XX[X]wp[.]org/jquery.js"></script>

Where XX[X] are 2 or 3 random characters.

This Twitter thread mentions some of them:

 

Empty JS injection hxxp://9iwp[.]org/jquery.js” found on 1000+ WooCommerce sites. Registered Aug 5th. Expanding network before activation payload? https://t.co/ak0r7U9mTC

— Willem de Groot (@gwillem) August 31, 2018

We’ve compiled a longer list of the fake jQuery URLs employed by this campaign, along with numbers of websites PublicWWW currently finds them on:

  • www.9iwp[.]org/jquery.js – 6473
  • www.34wp[.]org/jquery.js – 2830
  • www.3vwp[.]org/jquery.js – 2552
  • www.7owp[.]org/jquery.js – 1248
  • www.57wp[.]org/jquery.js – 168
  • www.29wp[.]org/jquery.js – 115
  • www.j3wp[.]org/jquery.js – 85
  • www.i1wp[.]org/jquery.js – 51
  • www.i7wp[.]org/jquery.js – 17
  • www.x5wp[.]org/jquery.js – 12
  • www.i2wp[.]org/jquery.js – 8
  • www.35wp[.]org/jquery.js – 6
  • www.75wp[.]org/jquery.js – 4
  • www.10wp[.]org/jquery.js – 3
  • www.I0wp[.]org/jquery.js – 3
  • www.I3wp[.]org/jquery.js – 3
  • www.61wp[.]org/jquery.js – 3
0
SHARES
FacebookTwitterSubscribe

Categories: Sucuri Labs, Website Malware Infections, WordPress SecurityTags: Labs Note, Malware

About Denis Sinegubko

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him not online at all. Connect with him on Twitter.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

WordPress Security Course

The Anatomy of Website Malware Webinar

WordPress Security Guide

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.