We found many WordPress websites redirecting to malicious URLs and spam domains. After a deep investigation it turned out to be caused by the vulnerable WordPress OneTone theme. The hack usually takes place in this file:./WP-content/themes/Themes/onetone/includes/theme-functions.php Beside the above file infection, The Hacker also inject a eval(atob malicious javascript malware in WordPress database onetone.php. The hacker also injects a malicious Javascript malware into the WordPress database.”]

