Symantec researchers spotted the Indian restaurant recommendation site “Burrp” redirecting visitors to a serving of Angler exploit kits (EK) that ultimately led to the delivery of TeslaCrypt ransomware.
Threat actors compromised the site by injecting malicious code into one of the site's JavaScript files and attacks have been ongoing since the beginning of February, according to a Monday blog post.
The attacks appear to be related to a technique used in a malvertising campaign that leveraged the "admedia" and "megaadvertize" platforms to redirect WordPress and Joomla site visitors to malicious payloads, according to the post.
Researchers said the malicious url in the Burrp compromise contained the "megaadvertize" string but it has since changed to "hellomylittlepiggy." Most of the infected users are based in the U.S. and India.
Researchers said Burrp is aware of the compromise and is working to resolve the issue.
