Symantec researchers spotted the Indian restaurant recommendation site “Burrp” redirecting visitors to a serving of Angler exploit kits (EK) that ultimately led to the delivery of TeslaCrypt ransomware.
The attacks appear to be related to a technique used in a malvertising campaign that leveraged the "admedia" and "megaadvertize" platforms to redirect WordPress and Joomla site visitors to malicious payloads, according to the post.
Researchers said the malicious url in the Burrp compromise contained the "megaadvertize" string but it has since changed to "hellomylittlepiggy." Most of the infected users are based in the U.S. and India.
Researchers said Burrp is aware of the compromise and is working to resolve the issue.