More Information
- Hong Kong democracy activist websites compromised
- Democracy in Hong Kong Under Attack
- Alliance for True Democracy
- Hong Kong's pro-democracy websites riddled with malware
- Democratic Party
- People Power
- The Professional Commons
First published: 14th October 2014
Steven Adair of Volexity, a Washington, D.C.-based security firm, has reported that malicious code was added to legitimate JavaScript on three Hong Kong democracy-related websites, and a malicious iframe to a fourth.
Writing in his security blog, Steven Adair reported that the websites of the Alliance for True Democracy (ATD) in Hong Kong (www.atd.hk), the Democratic Party Hong Kong (DPHK) (www.dphk.org | eng.dphk.org), People Power in Hong Kong (PPHK) (www.peoplepower.hk) and the Professional Commons (PC) (www.procommons.org.hk) had been compromised.
The ATD and DPHK sites both had JavaScript added that loaded further JavaScript from java-se.com, a known-malicious site. Several pages of the PPHK website had malicious iframes added that leveraged the Chinese URL shortener 985.so. The iframes redirected to exploit pages on a Hong Kong IP address, 58.64.178.77, designed to install malware on the visitor's system. The PC website had suspicious JavaScript code that wrote an iframe pointing back to a non-existent HTML page on a hotel website in South Korea.
Visitors to the sites when the exploits were active would have risked infection by unknown malware.
Sources in Hong Kong reported that the sites had been cleaned up and, at the time of writing, all the websites appeared clean.
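For site operators, the three injection patterns described above (a script loaded from an outside host, an iframe on an outside host, and inline JavaScript that writes an iframe) can be checked for in served pages. The following is an added example, not code from Volexity or the affected sites; the allowlist, the `audit_page` helper and the sample page with its `.example` hosts are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site operator expects its own pages to load from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}
# Inline JavaScript that writes an iframe into the page at load time.
DYNAMIC_IFRAME = re.compile(r"document\.write(?:ln)?\s*\([^)]*<\s*iframe", re.I | re.S)

class InjectionAudit(HTMLParser):
    """Flag script/iframe sources on unexpected hosts and iframe-writing JS."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed, self.findings, self._script = allowed_hosts, [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []          # start buffering inline script text
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None
            # Relative URLs have no hostname: they stay on the site itself.
            if host and host not in self.allowed:
                self.findings.append((tag, host))

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            if DYNAMIC_IFRAME.search("".join(self._script)):
                self.findings.append(("dynamic-iframe", None))
            self._script = None

def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    parser = InjectionAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from the affected sites).
SAMPLE_PAGE = """<html><head><script src="/js/menu.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="http://static.injected.example/a.js"></script></head><body>
<iframe src="http://short.example/x1" width="0" height="0"></iframe>
<script>document.write("<iframe src='http://hotel.example/none.html'></iframe>");</script>
</body></html>"""
```

Running `audit_page` on each published page after every deployment, and alerting on any finding, catches additions like these even when the injected code sits inside an otherwise legitimate file.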