Super Amazon Banners Plugin Gone Rogue

During a recent investigation we found the plugin Super Amazon Banners to be serving malware/spam via the domain seoranker[.]info. We suspect that the domain expired and was registered by somebody else who is using it to serve the malware now.

The plugin causes this javascript to try and load a popup (popupHtml) with many spam links to external sites. Also appears to be causing loading issues and some pages refuse to load at all:

(function() {'use strict'; if (window['shbNetLoaded']) return;window['shbNetLoaded'] = true;var popupHtml =

The issue was reported to WordPress and the plugin can no longer be downloaded, it was closed. We recommend removing the plugin from your WordPress site if you are using it.

Krasimir Konov

Krasimir Konov is Sucuri's Malware Analyst who joined the company in 2014. Krasimir's main responsibilities include analyzing malicious code, signature creation and documentation of malware. His professional experience covers more than 10 years in the IT field, with nine years involved in IT/cyber security. When he’s not analyzing malware or writing Labs notes, you might find Krasimir riding his motorcycle and traveling the world. Connect with him on Twitter or LinkedIn.

Related Tags

RealStatistics Goes TrafficAnalytics

Rodrigo Escobar
February 2, 2017

In the last few months, our Incident Response Team detected an interesting malicious code that affected a high number of websites. This malware is a…

Read the Post

JavaScript Malware Switches to Server-Side Redirects & Uses DNS TXT Records as TDS

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

Denis Sinegubko
April 18, 2024

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…

Read the Post

Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites

Denis Sinegubko
June 7, 2019

This blog post talks about how a web spam campaign that targets only one country may create problems for sites owners around the world —…

Read the Post

Missing DMARC Records Lead to Phishing

Kaushal Bhavsar
September 15, 2020

Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in…

Read the Post

WordPress Vulnerability & Patch Roundup February 2024

Sucuri Malware Research Team
February 29, 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Lightbox Adware – From Innocent Scripts to Malicious Redirects

Cesar Anjos
June 17, 2019

It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the…

Read the Post

When Your Plugins Turn Against You

Cesar Anjos
June 13, 2017

Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations…

Read the Post

Credit Card Stealer Hidden in Fake Facebook Pixel Tracker

Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker

Matt Morrow
April 11, 2024

In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code —…

Read the Post