A JavaScript-based malware campaign has been discovered affecting compromised WordPress websites. The malware injects a fullscreen iframe that loads content from suspicious external domains, aiming to force users to view unsolicited content for ad fraud, traffic generation, or social engineering. The infection was found embedded in the WordPress wp_options database table, exploiting the WPCode plugin. The malicious script uses advanced evasion techniques like anti-debugging, function hijacking, and localStorage abuse. It selectively targets Windows users on specific browsers, displaying a fake Cloudflare CAPTCHA page that prompts users to run a suspicious PowerShell command. This attack not only intrudes on user experience but also poses significant security risks, potentially leading to system compromise and damage to website reputation.