COVID-19 Chloroquine Pharmaspam

A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hidden_content?100.2, shows why the pharmacy spam text was not displayed on the infected web page: This spammer is trying to obfuscate their link injection by assigning a custom function, get_style, to store the none display element value. This essentially hides any of the element’s text that comes after the function is called,...