I'm a media and marketing manager with a bit of web development knowledge, and I recently encountered something really strange on my company's website while using the Brave browser with Shields down. Upon visiting the home page, I was hit with a reCaptcha pop-up that I'd never seen before. I refreshed the page multiple times, but the pop-up persisted. When I clicked 'I'm not a robot,' instead of the usual puzzles, it presented me with three suspicious steps: first, it instructed me to press 'Win + R' to open Run; second, it commanded me to paste something malicious that had been added to my clipboard; and third, it asked me to run that command, which was clearly designed to download malware from a harmful IP address. After closing my browser and returning to the site, the pop-up no longer appeared. I'm considering four possible sources of this issue: malicious DNS hijacking, local network compromise potentially due to my setup, a malicious browser extension, or a security flaw in our company's WordPress site. I need advice on diagnosing and securing the potential backdoor. What should I do?
2 Answers
Also, consider the possibility of a malicious ad if your site ever shows ads. Even if it doesn't currently serve ads, it's worth adding this to your list of potential issues, just to be thorough.
You should definitely start by reviewing the code on your WordPress site. Check the changes log to see if anything looks off or if there have been any recent updates that weren't authorized. It's crucial to know if any malicious plugins are installed.
Got it, but as far as I can tell, our company site doesn’t serve any ads.