Researchers at Symantec reported that attackers have injected 'iframe' tags within the HTML files on compromised sites.
The tags redirect users to a site that runs MPack, a utility that attempts multiple exploits and malware installations.
More than 65,000 users had been redirected to the malicious page since Friday afternoon, and more than 7,000 successful exploits had been carried out.
Symantec researcher Elia Florio warned in a company blog that users should update antivirus software and all system and third-party software that can be vulnerable to attacks.
Florio warned that MPack attempts to exploit multiple vulnerabilities and applications, including flaws in QuickTime and WinZip.
A successful exploit allows attackers to install malicious components such as key-loggers and password stealers.
MPack is a piece of commercial malware that includes support for plug-ins and a year of free technical support.
A May report by Panda Labs found the application selling for between US$700 and US$1,000, with additional exploit modules for US$50 to US$150.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
