- On sensing a Visitor, Taking him to the exploit landing page via an iFrame.
- The landing page pushes browser based Exploits on the victim’s system to gain access.
The Sucuri researchers team as a solution suggest, “The infection is very buggy and often removed single-quotes from legitimate files that corrupt the site completely. Affects plugins, themes and even core files of WordPress and Joomla. The solution is to restore files from a clean backup.”
grep -r “visitorTracker_isMob” /var/www/
- Keep your plugins up-to-date, with latest security patches implemented.
- Always maintain a backup of your sensitive data.