Site of Japanese Restaurant Wagamama Hijacked, Users Led to BlackHole

A website owned by Wagamama – the famous Japanese restaurant and noodle bar - has been hijacked by cybercriminals. Experts found it to be injected with a piece of malicious code that’s part of the RunForestRun campaign.

Websense experts report that the RunForestRun attack leverages a vulnerability in Parallels' Plesk to steal user credentials and compromise accounts.

Once an account is hijacked, the hacker plants obfuscated code inside JavaScript files. When these scripts are executed, an iframe containing pseudo-randomly generated URLs is loaded.

In the end, these URLs lead the victim to the well-known BlackHole exploit kit.

Since this attack is not new, most security solutions are able to identify and block the malicious URLs. However, at the time of writing, our trusty antivirus was still displaying warning messages when we tried to access the goeast.wagamama.com subdomain.