Malvertising Campaign Hides in Plain Sight on WordPress Websites.
WHITE PetrP.73 2025-10-06 Modified: 2025-10-06
4 IOCs | LOW VOLUME
A recent investigation uncovered a malvertising campaign affecting multiple WordPress websites, in which unauthorized JavaScript was loaded without the site owner's consent. This JavaScript, identified on at least 17 websites during the analysis, acted as a remote loader that fetched malicious content from a command-and-control (C&C) server hosted at hxxps://brazilc.com/ads.php. The mechanism relied on PHP code that initiated a POST connection to the C&C server and then injected the server's response into the head section of the HTML document.
Indicators of Compromise (4)
TYPE    INDICATOR                        DESCRIPTION  CREATED
domain  brazilc.com                                   2025-10-06
domain  porsasystem.com                               2025-10-06
URL     http://porsasystem.com/6m9x.js                2025-10-06
URL     https://brazilc.com/ads.php                   2025-10-06