OneTone WordPress Theme Vulnerability

malware
attacker.net malware removal

We found many WordPress websites redirecting to malicious URLs and spam domains. After a deep investigation it turned out to be caused by the vulnerable WordPress OneTone theme.

The hack usually takes place in this file: ./wp-content/themes/onetone/includes/theme-functions.php

Beside the above file infection, The Hacker also inject a “eval(atob” malicious javascript malware in WordPress database onetone value within the wp_options table which is responsible for redirecting the website to other suspicious domains such as ischeck[.]xyz

You can check your website security by using this Free website malware scanner

Here is a snippet showing the infection in action as found on an infected website:

[root@toor ~]$ curl -I https://victim-website[.]net/

HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=15
Date: Mon, 11 Apr 2020 19:51:16 GMT
Server: Apache
X-Powered-By: PHP/7.2.16
Location: https://ischeck[.]xyz

As you can notice, The Rank Math SEO is causing a redirect to the malicious domain ischeck which is then redirect to checkandgo and overzoruaon spam domains. Some of the malware domains involved with this specific hack incident:

checkandgo[.]info

ischeck[.]xyz

https://overzoruaon[.]com/

Signup and Try our malware removal service and let’s clean & protect your websites by using our Website Firewall Protection!

You can check your website security by using this website malware scanner

https://scan.attacker.net

Website Hacked OR #Blacklisted? Get it Cleaned & Protected Immediately!

https://attacker.net/website-security-plans-pricing

https://attacker.net/website-security

Free Scanner: https://scan.attacker.net

#Security #wordpress #joomla #magento #drupal #hosting #cpanel #linux #websitesecurity #securedwebsite #hacked