JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS | allinfosecnews.com

April 18, 2024, 6:51 p.m. | Denis Sinegubko

Sucuri Blog blog.sucuri.net

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.

We’ve been tracking this campaign ever since — and we’ve recorded multiple changes in obfuscation techniques and domain names used in their DNS TXT traffic direction system (TDS).

Continue reading JavaScript Malware Switches …

august black hat tactics campaign cloud code com compromised compromised wordpress sites dns domain domains dynamic godaddy infosec hacked websites javascript javascript malware malicious malware malware campaign records redirect redirects server server security switches tracker txt urls website backdoor website malware infections website security wordpress wordpress security wordpress sites

More from blog.sucuri.net / Sucuri Blog

From Privacy to Exfiltration: Telegram’s Role in Website Malware 2 days, 12 hours ago | blog.sucuri.net

abuse black hat tactics creators cybercriminals +21

WordPress Vulnerability & Patch Roundup May 2024 4 days, 9 hours ago | blog.sucuri.net

attacks automated awareness disclosures +32

How to Fix the NET::ERR_CERT_DATE_INVALID Error 1 week, 1 day ago | blog.sucuri.net

address can certificate connection +14

Server Side Credit Card Skimmer Lodged in Obscure Plugin 1 week, 3 days ago | blog.sucuri.net

attackers card credit credit card +22

What is HTTP 504 Gateway Timeout & How to Fix It 2 weeks, 4 days ago | blog.sucuri.net

best practices can error errors +14

What is HTTP Error 502 Bad Gateway & How to Troubleshoot It 3 weeks, 2 days ago | blog.sucuri.net

bad best practices can error +21

What is HTTP Error 429: Too Many Requests 3 weeks, 4 days ago | blog.sucuri.net

access can code error +15

Mal.Metrica Redirects Users to Scam Sites 4 weeks, 2 days ago | blog.sucuri.net

analysts black hat tactics click compromised +11

WordPress Vulnerability & Patch Roundup April 2024 1 month ago | blog.sucuri.net

april attacks automated awareness +33

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com