Shimray RR | August 16: YellowChain, an E-Commerce platform by INVESTMENT & DEVELOPMENT AUTHORITY OF NAGALAND was found today infected by malware which ends up redirecting the visitors to other spammy links and also greeted by unwanted pop-up ads.
Visitors are greeted with malicious unwanted pop-ups (left image) and also many links in the website redirects to a different website (right image)
During a quick check it was found that the infected pages include the homepage, the contact page, About Us, privacy policy page.
Here’s a screen grabbed video of the website.
Yellow Chain is a single-window e-commerce platform developed to promote local business and entrepreneurship in the State and was formally launched by Chief Minister Neiphiu Rio yesterday during the Independence Day Celebration.
A quick check on website https://scanner.pcrisk.com/ shows YellowChain website status as Malicious.
YellowChain is built using WordPress CMS, which is one of the most used CMS, and as such there are more attacks and security issues. In WordPress, such malicious attack mostly happens due to the use of Nulled theme or plugins, and insecure host/shared hosting.
Such security flaws has also raised concerns among the buyer and seller at YellowChain regarding the safety and security of the platform.
At the time of writing this post, the security issue is still not fixed.
Hope they fix it soon.