Which interacts with a secondary backdoor inside the site to force the browser to load a malicious iframe from one of their Nuclear Exploit Kit landing pages. The current landing page is pointing to vovagandon.tk (126.96.36.199), but that domain changes very often.
How to overcome with this attack :
Now the biggest question is how to overcome with this type of malware attack without affecting seo and visitor ratio. I am going to share what we did when stackbuddy is infected by this malware.
Update all plugins :
Update your plugin and wordpress core files first, It might be possible that this malware was come from the any plugin and other source.
Database Backup :
Then take the latest backup of your database because this type of attack is not generally infected the database schema. So you can take the db backup without any issues.
Files and Folder backup :
Then after completing database backup you need to take backup of your all the files. Please ignore the .js file.
Fresh installation of WordPress :
Remove the all files and install the fresh wordpress in your hosting. You can point the same database so you will get everything working.
I found the majority of the infection was loaded in the wp-content/uploads directory.
If you want to check that your website is infected by this malware or not, you can do it by sucuri scanner.
Share your feedback and suggestion by commenting.