The Latest in IT Security compromised with injection

2011 is a site offering legitimate custom firmware for Android devices. It’s a popular site, pulling in about 100,000 unique US users per day according to and it has an Alexa rank of 6728.

Unfortunately, the site has been compromised in an injection attack with a hard-to-diagnose piece of malware attempting to load code from on The code seems resistant to several common analysis tools. The injection attack is hidden on the very first line of HTML on the home page; you have to scroll a long way right to see it.
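A check for the hiding trick described above, as an added example that is not part of the original post: it flags script-like tags that sit after a long run of padding or far to the right on a line. The thresholds, function name and sample HTML are assumptions constructed for illustration.

```python
import re

# Assumed thresholds (not from the post): tune for your own pages.
PAD_RUN = 200        # run of spaces/tabs treated as deliberate padding
MAX_COLUMN = 500     # column beyond which an active tag counts as off-screen

# Tags that can pull in or run remote code.
ACTIVE_TAG = re.compile(r"<\s*(script|iframe|object|embed)\b", re.IGNORECASE)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def find_offscreen_tags(html, pad_run=PAD_RUN, max_column=MAX_COLUMN):
    """Return findings for active tags pushed out of view on a line."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for m in ACTIVE_TAG.finditer(line):
            before = line[:m.start()]
            # Length of the whitespace run immediately preceding the tag.
            pad = len(before) - len(before.rstrip(" \t"))
            if pad < pad_run and m.start() < max_column:
                continue
            end = line.find(">", m.start())
            tag_text = line[m.start(): end + 1 if end != -1 else len(line)]
            src = SRC_ATTR.search(tag_text)
            findings.append({
                "line": lineno,
                "column": m.start() + 1,
                "padding": pad,
                "tag": m.group(1).lower(),
                "src": src.group(1) if src else None,
            })
    return findings


# Constructed sample: a doctype line padded far to the right, plus a normal script.
SAMPLE = (
    "<!DOCTYPE html>" + " " * 900
    + '<script src="http://injected.example/x.js"></script>\n'
    + "<html><head>\n"
    + '<script src="/js/site.js"></script>\n'
    + "</head><body>Home</body></html>\n"
)

if __name__ == "__main__":
    for f in find_offscreen_tags(SAMPLE):
        print(f)
```

Minified pages legitimately place tags at high column numbers, so treat a hit as a prompt to diff the served page against a known-good copy rather than as proof of compromise.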

I haven’t been able to analyse the payload yet. There is a possibility that it might target Android devices.

The domain is registered through in China to the following registrant:

Registrant ID: orgff14354361081
Registrant Name: Henry Nguyen Gong
Registrant Organization: Privacy-Protect.cn
Registrant Street1: Rue la produit 34
Registrant Street2:
Registrant Street3:
Registrant City: Nimes
Registrant State/Province: Languedoc-Roussillon
Registrant Postal Code: 30189
Registrant Country: FR
Registrant Phone: +33.466583875
Registrant Phone Ext.:
Registrant FAX: +33.466583875
Registrant FAX Ext.:
Registrant Email: [email protected]

is very commonly used by criminals to cover their tracks. A Google search for indicates that the IP address is in use by several malicious domains (listed below).

A look at the forums indicates that similar attacks have been happening since September 25th:

Does anyone know what this is? I got a warning from Norton with High severity saying I was attacked by and from when I entered into the touchpad forum for this website. The IPS alert name is: web attack malicious exploit kit website at High risk 

Blocking traffic to is probably a good idea. It looks like there may be other problems in so you could block the whole range as a precaution.

The following domains are hosted on
