Neutrino at peopleofwalmart[.]com

(Quick post for awareness.) Visitors to www.peopleofwalmart[.]com may encounter the Neutrino exploit kit after clicking through the results of a web search.

The initial redirect is hidden in /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js

The injected code loads JavaScript from cda.8s[.]nl/js/ca.js, which in turn creates an iframe with the contents of cms.8s[.]nl/index.php?two. There, a table frameset pulls the landing page from eipei2i.daremis[.]com:8000/iolfyfsow?brvdgrgc=5534337
Copy of the landing page for your review: [pastebin].

The .jar is served from eipei2i.daremis[.]com:8000/etfujnjzq?yuabqjfc=vmjept with Content-Type: image/jpeg, and the encoded payload from eipei2i.daremis[.]com:8000/noxjwhhojy?yrdpew=vmjept with Content-Type: audio/mpeg
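The Content-Type mismatch noted above (a .jar labelled image/jpeg, an encoded payload labelled audio/mpeg) can be checked for in proxy or sensor data. The following is an added example, not part of the original post: it compares the declared media type with the leading bytes of the body. The record layout, function names and sample records are assumptions constructed for illustration, and the MP3 signature list is a triage heuristic rather than a full parser.

```python
# Added example: flag HTTP responses whose declared Content-Type disagrees
# with the file signature of the body. All sample data below is constructed.

# Leading-byte signatures for the two media types named in the post.
EXPECTED_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "audio/mpeg": (b"ID3", b"\xff\xfb", b"\xff\xfa", b"\xff\xf3", b"\xff\xf2"),
}
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # JAR files are ZIP archives


def classify(content_type, body):
    """Return 'ok', 'archive-as-media', 'mismatch' or 'unchecked'."""
    media = content_type.split(";", 1)[0].strip().lower()
    magics = EXPECTED_MAGIC.get(media)
    if magics is None:
        return "unchecked"          # media type outside this check
    if body.startswith(magics):
        return "ok"
    if body.startswith(ZIP_MAGIC):
        return "archive-as-media"   # ZIP/JAR delivered under a media type
    return "mismatch"               # e.g. an encoded or encrypted blob


def review(responses):
    """Yield (url, verdict) for each response that fails the signature check."""
    for url, content_type, body in responses:
        verdict = classify(content_type, body)
        if verdict in ("archive-as-media", "mismatch"):
            yield url, verdict


# Constructed proxy records: (URL, Content-Type header, first body bytes).
SAMPLE = [
    ("http://static.example/logo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("http://host.example:8000/aaa?x=y", "image/jpeg", b"PK\x03\x04\x14\x00\x08\x08"),
    ("http://host.example:8000/bbb?x=y", "audio/mpeg", b"\x8e\x11\x4c\xa0\x73\x02\x9d\x55"),
    ("http://music.example/a.mp3", "Audio/MPEG; q=1", b"ID3\x03\x00\x00\x00"),
    ("http://site.example/", "text/html", b"<!DOCTYPE html>"),
]

if __name__ == "__main__":
    for url, verdict in review(SAMPLE):
        print(verdict, url)
```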


At the time of this encounter both cda.8s[.]nl and eipei2i.daremis[.]com were at IP