all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

Add to bookmarks
April 18, 2024, 6:51 p.m. | Denis Sinegubko

Sucuri Blog blog.sucuri.net

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.


We’ve been tracking this campaign ever since — and we’ve recorded multiple changes in obfuscation techniques and domain names used in their DNS TXT traffic direction system (TDS).


Continue reading JavaScript Malware Switches …

august black hat tactics campaign cloud code com compromised compromised wordpress sites dns domain domains dynamic godaddy infosec hacked websites javascript javascript malware malicious malware malware campaign records redirect redirects server server security switches tracker txt urls website backdoor website malware infections website security wordpress wordpress security wordpress sites

Visit resource

More from blog.sucuri.net / Sucuri Blog

WordPress Vulnerability & Patch Roundup April 2024 2 days, 13 hours ago | blog.sucuri.net
april attacks automated awareness +33
What is a Zero-Day Vulnerability? 6 days, 12 hours ago | blog.sucuri.net
best practices can dev dev teams +19
What is Cookie Hijacking 1 week, 1 day ago | blog.sucuri.net
access accounts application attackers +25
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS 1 week, 6 days ago | blog.sucuri.net
august black hat tactics campaign cloud +30
WordPress Maintenance: Tasks & Best Practices 2 weeks, 1 day ago | blog.sucuri.net
best practices can expertise guide +10
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker 2 weeks, 6 days ago | blog.sucuri.net
admin amp area attackers +32
Web Shells: Types, Mitigation & Removal 3 weeks, 2 days ago | blog.sucuri.net
access attackers best practices compromised +33
Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS 4 weeks, 1 day ago | blog.sucuri.net
adoption black hat tactics can cms +19
WordPress Vulnerability & Patch Roundup March 2024 1 month ago | blog.sucuri.net
attacks automated awareness best practices +32

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs