JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS

A malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.