<p>On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks anywhere on an infected web page, they are served questionable ads.</p>
Plugin Location
The malicious plugins possess a very similar file structure:
Injectbody
wp-content/plugins/injectbody/
- injectbody.php: 2146 bytes (the plugin code)
- inject.txt: 2006 bytes (injected JavaScript)
Injectscr
wp-content/plugins/injectscr/
- injectscr.php: 1319 bytes (the plugin code)
- inject.txt: 3906 bytes (injected JavaScript)
The functionality of these plugins are also very similar.
Continue reading Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins at Sucuri Blog.
