Accidentally found legit websites that have been compromised in the last few days and couldn't find evidence that anyone else had found this yet: Two automotive forums I used to go to regularly - VW Vortex and Land Rovers Only - have had malicious code slipped in at some point in the last week. It's subtle, but definitely there, and has specific targeting aimed at noscript/adblock users. And I know it was within the last 7 days at most because I have links to both of them on my own website, and I have a background process that runs every week to check whether sites I've linked to still exist. These two have been fine for a long time, but both threw up a 409 Conflict error tonight. Weird. Checked them out, and both try to redirect to or download random files from generic-sounding domains like "enable-javascript[.]com" or "error-report[.]com", with behind-the-scenes assets like CSS pulling from more obviously sketchy domains like "cheftoondiligord[.]site".
It's 5am local time as I write this, and I didn't set out looking for a Research Project™️ tonight, but a cursory search yielded no coverage or flagging about this yet, so, hopefully this post is useful to some threat intel folks ^.^ #infosec #threatintel #malware
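The post describes two signals a link checker could catch: an unexpected HTTP status (the 409s) and page content that only fires for noscript users or pulls assets from hosts outside the forum's own domain. The following is an added example, not code from the post's author, that scans a fetched page for those signals; the HTML sample is constructed, and the `.invalid` hosts in it are placeholders rather than the indicators named in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; .invalid hosts are placeholders, not the post's indicators.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://forum.example/css/main.css">
<link rel="stylesheet" href="https://cheftoon.invalid/skin.css">
<script src="https://forum.example/js/app.js"></script>
</head><body>
<noscript><meta http-equiv="refresh" content="0;url=https://enable-js.invalid/get"></noscript>
<p>Welcome to the forum.</p></body></html>"""

ASSET_ATTRS = {"link": "href", "script": "src", "iframe": "src"}

def registrable(host):
    """Crude eTLD+1 (last two labels); adequate for .com/.site style names."""
    return ".".join(host.lower().split(".")[-2:])

class _Scanner(HTMLParser):
    def __init__(self, origin_host):
        super().__init__()
        self.origin = registrable(origin_host)
        self.in_noscript = False
        self.noscript_hosts, self.asset_hosts = set(), set()
    def _offsite(self, url):
        """Hostname of url if it lies outside the origin's domain, else None."""
        h = urlparse(url).hostname
        return h if h and registrable(h) != self.origin else None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "noscript":
            self.in_noscript = True
            return
        url = a.get(ASSET_ATTRS.get(tag, ""), "") or ""
        if tag == "meta":  # <meta http-equiv="refresh" content="0;url=...">
            m = re.search(r"url=([^;\s\"']+)", a.get("content") or "", re.I)
            url = m.group(1) if m else ""
        h = self._offsite(url)
        if h:  # hosts seen only inside <noscript> are reported separately
            (self.noscript_hosts if self.in_noscript else self.asset_hosts).add(h)
    def handle_endtag(self, tag):
        if tag == "noscript":
            self.in_noscript = False

def scan_page(html, origin_host, status=200):
    """Findings for one fetch: odd HTTP status (e.g. 409), noscript-only off-origin redirects, third-party asset hosts."""
    s = _Scanner(origin_host)
    s.feed(html)
    return {"odd_status": status not in (200, 301, 302, 304),
            "noscript_redirect_hosts": sorted(s.noscript_hosts), "third_party_asset_hosts": sorted(s.asset_hosts)}
```

Run `scan_page(SAMPLE_HTML, "forum.example", status=409)` to see the 409 and both placeholder hosts flagged; a weekly job would diff these lists against the previous run to spot a newly injected host.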
