@murtaza12
Okay, so I just visited Nayatel website some minutes ago and got hit with "Update Chrome" screen. I did end up clicking the Download - just to see what happens, nothing happened except a JS file downloading from a Dropbox link I believe. Anyhow, I think I am safe? Since it did not actually run the JS?
The HTML from Update page (Mods, feel free to remove the code if its not safe?):
CODE REMOVED by OP.
The javascript file that download was named: Chrome_76.19.js and its just jumbled up text, on purpose, encrypted or whatever.
Putting up some screenshots.
More about the injection method:
https://blog.malwarebytes.com/threa...ampaign-leverages-multiple-website-platforms/
Sucuri Report:
https://sitecheck.sucuri.net/results/nayatel.com
Okay, so I just visited Nayatel website some minutes ago and got hit with "Update Chrome" screen. I did end up clicking the Download - just to see what happens, nothing happened except a JS file downloading from a Dropbox link I believe. Anyhow, I think I am safe? Since it did not actually run the JS?
The HTML from Update page (Mods, feel free to remove the code if its not safe?):
CODE REMOVED by OP.
The javascript file that download was named: Chrome_76.19.js and its just jumbled up text, on purpose, encrypted or whatever.
Putting up some screenshots.
More about the injection method:
https://blog.malwarebytes.com/threa...ampaign-leverages-multiple-website-platforms/
Sucuri Report:
https://sitecheck.sucuri.net/results/nayatel.com
Last edited: