Legacy Mauthtoken Malware Continues to Redirect Mobile Users

Legacy Mauthtoken Malware Continues to Redirect Mobile Users

Legacy Mauthtoken Malware Continues to Redirect Mobile Users

During malware analysis, we regularly find variations of this injected script on various compromised websites: .

The variable _0x446d assigns hex encoded strings in different positions in the array. If we get the ASCII representation of the variable, we’ll end up with the following code:

var _0x446d=[“_mauthtoken”,”indexOf”,”cookie”,”userAgent”,”vendor”,”opera”,”hxxps://zeep.ly/ev4Va”,”googlebot”,”test”,”substr”,”getTime”,”_mauthtoken=1; path=/;expires=”,”toUTCString”,”location”];

In this array, you can find a “shortened” redirect URL: hxxps://zeep[.]ly/ev4Va.

Continue reading Legacy Mauthtoken Malware Continues to Redirect Mobile Users at Sucuri Blog.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest

Leave a Comment