Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins

On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts that create unwanted pop-ups/pop-unders. Whenever a visitor clicks anywhere on an infected web page, they are served questionable ads.

Plugin Location

The malicious plugins possess a very similar file structure:

Injectbody

wp-content/plugins/injectbody/

  • injectbody.php: 2146 bytes (the plugin code)
  • inject.txt: 2006 bytes (injected JavaScript)

Injectscr

wp-content/plugins/injectscr/

  • injectscr.php: 1319 bytes (the plugin code)
  • inject.txt: 3906 bytes (injected JavaScript)

The functionality of these plugins is also very similar.
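The file layout above can be turned into a quick check of a WordPress installation. The following is an added example, not code from the original article: the function name `scan_wp_root` and the output format are assumptions, and a size match is only a hint, since a modified copy of the plugin would have different sizes while the directory name alone remains worth investigating.

```bash
# Added example: look for the injectbody/injectscr plugin directories under a
# WordPress root and compare file sizes with the ones listed in the article.
# Usage: scan_wp_root /path/to/wordpress

# Indicators from the article, one per line: "<relative path>:<size in bytes>"
INDICATORS='
wp-content/plugins/injectbody/injectbody.php:2146
wp-content/plugins/injectbody/inject.txt:2006
wp-content/plugins/injectscr/injectscr.php:1319
wp-content/plugins/injectscr/inject.txt:3906
'

# Prints one line per finding.
# Returns 0 if nothing was found, 1 if anything was found, 2 on a bad argument.
scan_wp_root() {
    local root="${1%/}" found=0 entry rel want have dir
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }

    # A plugin directory with either name is reported even if its files differ.
    for dir in injectbody injectscr; do
        if [ -d "$root/wp-content/plugins/$dir" ]; then
            echo "DIR $root/wp-content/plugins/$dir"
            found=1
        fi
    done

    # Report each listed file that exists, with its size next to the listed size.
    for entry in $INDICATORS; do
        rel="${entry%:*}"
        want="${entry##*:}"
        [ -f "$root/$rel" ] || continue
        have=$(( $(wc -c < "$root/$rel") ))   # arithmetic strips wc padding
        if [ "$have" -eq "$want" ]; then
            echo "FILE $root/$rel size=$have (matches reported size)"
        else
            echo "FILE $root/$rel size=$have (reported size $want)"
        fi
        found=1
    done
    return "$found"
}
```
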

Continue reading Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins at Sucuri Blog.

https://blog.sucuri.net/?fwp_blog_categories=wordpress-security
