Legacy Mauthtoken Malware Continues to Redirect Mobile Users

Legacy Mauthtoken Malware Continues to Redirect Mobile Users

During malware analysis, we regularly find variations of this injected script on various compromised websites: .

The variable _0x446d assigns hex encoded strings in different positions in the array. If we get the ASCII representation of the variable, we’ll end up with the following code:

var _0x446d=["_mauthtoken","indexOf","cookie","userAgent","vendor","opera","hxxps://zeep.ly/ev4Va","googlebot","test","substr","getTime","_mauthtoken=1; path=/;expires=","toUTCString","location"];

In this array, you can find a “shortened” redirect URL: hxxps://zeep[.]ly/ev4Va.

Continue reading Legacy Mauthtoken Malware Continues to Redirect Mobile Users at Sucuri Blog.

The post Legacy Mauthtoken Malware Continues to Redirect Mobile Users appeared first on Security Boulevard.

Article Link: https://securityboulevard.com/2020/11/legacy-mauthtoken-malware-continues-to-redirect-mobile-users/