Home / malware Trojan:JS/HideLink.A
First posted on 07 December 2017.
Source: MicrosoftAliases :
There are no other names known for Trojan:JS/HideLink.A.
Explanation :
Installation
section. You can find this code by searching the HTML content of the website for “document.write(”. An example of the malicious code is shown below:
We have seen this malicious JavaScript file added to compromised websites running vulnerable versions of Joomla and WordPress. In some cases, it can be an infected Joomla or WordPress template or module.
Payload
Adds hidden website content
This threat hides content off the screen of websites you are viewing.
The malicious JavaScript is added to the HTML content of the compromised webpage, just before the
When this JavaScript is run, the document.write() adds the following code to the page:
This code places the class named dnn off the screen, so the user will not see its content. Inside the class dnn, there is typically text and links that are used to improve the search engine result ranking of the tageted websites. For example, we have seen it hiding links to “Advanced Cash”:
Analysis by Geoff McDonaldLast update 07 December 2017
