There has been an increase in the number of malware victims, such as WordPress sites that suddenly send you to another site with a certain probability when you click on a link, the link does not work, or a new window opens and an advertisement appears.
We will explain this type of malware called clickjacking.
A type of malware ClickJack
This type of malware hijacks link clicks and sends the user to another site at a certain rate when the link is clicked, disables the link by making the user press a transparent overlaid video play button or SNS like button, opens a new window or tab, and displays ads for game sites, virus removal software, etc. Ads for game sites, antivirus software, etc. will be displayed.
Hijacking a site’s links is called clickjacking.
If this symptom only occurs with a certain probability (rare), a temporary storage mechanism called a cookie in the user’s browser is used to prevent it from being triggered for a certain period of time.
Also, clickjack cannot be realized without embedding a browser processing program called JAVASCRIPT somewhere in the site, which means that the site has been infiltrated and tampered with.
Characteristics of Malware Code
The JAVASCRIPT code is embedded so that it is executed from the site’s header.php, index.php, and other files that must be executed.
Example of code to hijack a link click event
jQuey(document).on("click", "a", function())
Example of code that illegally embeds a Facebook Like in a transparent Iframe
<style> iframe { opacity: 0; ← Iframe is made transparent. } </style> <iframe src="facebook.html"></iframe>← Illegally embedded Iframe.
Detection and Removal
Free WordPress:Malware Scanning & Security Plugin [Malware and Virus Detection and Removal].
and other malware search plug-ins may be able to detect where the malware is embedded.
Also, since this type of malware often runs on all pages, check for malicious embedded code anywhere in the theme file that runs on all web pages.
The following are examples of commonly tampered theme files.
header.php
footer.php
single.php
singler.php
page.php
index.php
functions.php