What kind of beast is "yatr_scr" or "iframe yatr.ru"?

M

Mikhail Good Day2015-12-10 11:07:45

CMS

Mikhail Good Day, 2015-12-10 11:07:45

Good afternoon. I found a piece of the form in the page code:

<iframe id="yatr_scr" src="https://yatr.ru/hp.html?wm=35506&amp;referrer=http://www.SITE.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.SITE.com%2Fwp-admin%2F&amp;reauth=1" style="display: none;"></iframe>

Where could such an animal come from? All I found on it is a thread on SE.gurus about what it is, and I quote, "Some kind of Hawk system that identifies users who were interested in certain information, for example, laptops." Google gave out that this is generally something related to real estate, not my subject.
Tell me what kind of animal? How to fight him? And where could he come from?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

P

Pavel Elizariev, 2015-12-15
@effetto

As you correctly noted, you were hacked. And most likely automatic. This could most likely happen in one of two ways:
I would act like this:
The described actions concern not only files, but also the database, if any.
And it doesn't matter what kind of animal this code is in the iframe. There may be one of a thousand other ways to make money on a hacked site.