Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the <html> tag).
This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen any new malware using it. It was definitely a surprise for us when approximately 3 months ago we noticed the JJEncode obfuscator was once again in use: Minr cryptominer began using it to obfuscate scripts that they loaded from multiple domains like web.clod[.]pw.
Continue reading Wikipedia Page Review Reveals Minr Malware at Sucuri Blog.
The post Wikipedia Page Review Reveals Minr Malware appeared first on Security Boulevard.
from Wikipedia Page Review Reveals Minr Malware
No comments:
Post a Comment