all InfoSec news
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Sucuri Blog blog.sucuri.net
Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.
We’ve been tracking this campaign ever since — and we’ve recorded multiple changes in obfuscation techniques and domain names used in their DNS TXT traffic direction system (TDS).
Continue reading JavaScript Malware Switches …
august black hat tactics campaign cloud code com compromised compromised wordpress sites dns domain domains dynamic godaddy infosec hacked websites javascript javascript malware malicious malware malware campaign records redirect redirects server server security switches tracker txt urls website backdoor website malware infections website security wordpress wordpress security wordpress sites