A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hidden_content?100.2, shows why the pharmacy spam text was not displayed on the infected web page:
This spammer is trying to obfuscate their link injection by assigning a custom function, get_style, to store the none display element value. This essentially hides any of the element’s text that comes after the function is called, then uses the custom function end_ to remove the none display element.
Source: Scuri check