
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign

Published 07/03/2025 04:25 · Modified 07/03/2025 10:10


Essential information

Tags
2025-03-07, javascript injection, malicious redirects, seo damage, theme file modification, traffic hijacking, two-stage attack, wordpress
Related entities
3 observables, 7 techniques (mitre)

Description

A recent investigation uncovered a malicious JavaScript campaign affecting websites, redirecting visitors to unwanted third-party domains. The attack vector involves a two-stage redirection process: code is injected into theme files, which then loads external scripts. The malware creates hidden elements to force redirects, potentially leading to phishing pages, malvertising, exploit kits, or scam sites. At least 31 infected websites were identified, with domains like awards2today[.]top and chilsihooveek[.]net involved. The infection methods include compromised admin accounts, exploited vulnerabilities, inadequate file permissions, and hidden PHP backdoors. Impacts include traffic loss, reputation damage, SEO blacklisting, and risks of further infections. Detection involves inspecting network activity and file modifications, while prevention measures include regular security audits, updates, strong passwords, and web application firewalls.

External references