Title: Injects Malware.
Last modified: March 21, 2026

---

# Injects Malware.

 *  [kkrajk](https://wordpress.org/support/users/kkrajk/)
 * (@kkrajk)
 * [3 weeks, 1 day ago](https://wordpress.org/support/topic/injects-malware/)
 * Not one but this happened twice in about 6 months across 2 sites.
    -  This topic was modified 3 weeks, 1 day ago by [kkrajk](https://wordpress.org/support/users/kkrajk/).

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/)
 * (@optimizingmatters)
 * [3 weeks, 1 day ago](https://wordpress.org/support/topic/injects-malware/#post-18858294)
 * It must be irritating to have to clean up malware mess, kkrajk, so let me start
   off by stating that I understand your frustration!
 * Autoptimize does not have any code to inject malware though; it merely takes 
   the CSS & JS from WordPress core, theme and plugins and optimizes (minification
   and/or combining, depending on the settings) those. If one of the optimized files
   (JS, likely) contains malware, then the problem would have been in one of the original
   files which ended up in Autoptimize’s cache directory (`wp-content/cache/autoptimize`).
 * If you (or anyone else) want to, feel free to check out Autoptimize’s source
   code either [on the WordPress SVN](https://plugins.trac.wordpress.org/browser/autoptimize/)
   or [on Github](https://github.com/futtta/autoptimize). Heck; I’m so convinced
   that this is not a problem with Autoptimize itself, that I offer a €1000 bounty
   to the first person who can prove there’s malware injection being done by Autoptimize!
   🙂
 * all the best!
    frank
 *  Thread Starter [kkrajk](https://wordpress.org/support/users/kkrajk/)
 * (@kkrajk)
 * [3 weeks, 1 day ago](https://wordpress.org/support/topic/injects-malware/#post-18858331)
 * Dear Frank,
 * Firstly, thanks for the plugin. I’ve used it in the past over the last few years
   and the plugin has been great through these years, but unfortunately what I said
   above is true. Since then I’ve uninstalled from all my sites and the ones being
   injected are the ones which are not on autoupdate (I know it is vague but it 
   is the only closest clue I have).
 * You might want to explore this link for details (not mine but found on internet)
 * [https://www.trellix.com/en-in/blogs/research/malware-delivered-via-jquery-migrate-and-parrot-tds/](https://www.trellix.com/en-in/blogs/research/malware-delivered-via-jquery-migrate-and-parrot-tds/)
 * I’ll be sure to update here in case I find any further details (from my own files)
    -  This reply was modified 3 weeks, 1 day ago by [kkrajk](https://wordpress.org/support/users/kkrajk/).
 *  Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/)
 * (@optimizingmatters)
 * [3 weeks ago](https://wordpress.org/support/topic/injects-malware/#post-18858515)
 * Interesting link, but it actually confirms what I wrote [@kkrajk](https://wordpress.org/support/users/kkrajk/);
 * > During forensic analysis of the user’s session, we discovered that the browser
   > had downloaded the following file:
   > hxxps://tabukchamber[.]sa/wp-content/cache/autoptimize/js/autoptimize_979aed35e1d8b90442a7373c2ef98a82[.]js
   > This file had been tampered with using Parrot TDS, covertly inserting redirect
   > code that conveyed a malicious script to the intended users.
 * It is not Autoptimize itself that is injecting malware, but the Autoptimized 
   file has been tampered with. This implies that the attacker already had some 
   kind of access to the filesystem, which is also confirmed a few paragraphs lower:
 * > The infection was made possible by manipulating the WordPress plugin Autoptimize,
   > which concatenates and minifies frontend assets into cache folders. These folders
   > are often left writable and are not verified against file integrity standards,
   > making them ideal locations for implanting malware.
 * Esp. the “folders are often left writable” confirms that the attacker had access
   to the filesystem and was able to change the (aut)optimized file.
 * Bottom line: **attackers can hide malware once they have access to the system**
   (via yet another exploit) and indeed can do so in files created by Autoptimize,
   but **Autoptimize itself really does not inject malware**.
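
Added example, not part of the thread and not Autoptimize code: a defender-side check for the condition the quoted report describes, a cache folder that is writable and never verified for integrity. It assumes a cache file is not rewritten in place under the same name, so changed bytes under an existing name deserve investigation; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(cache_dir):
    """Map each regular file under cache_dir to the SHA-256 of its content."""
    root = Path(cache_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def compare(baseline, current):
    """Same name with different bytes is the strong signal; new files need review."""
    return {
        "modified": sorted(f for f in current if f in baseline and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
    }


def world_writable(cache_dir):
    """Paths under cache_dir (and the directory itself) writable by any local user."""
    root = Path(cache_dir)
    return sorted(p.relative_to(root).as_posix() for p in [root, *root.rglob("*")]
                  if p.stat().st_mode & stat.S_IWOTH)


def demo():
    """Constructed cache tree: one file altered in place, one file added later."""
    with tempfile.TemporaryDirectory() as d:
        js = Path(d, "js")
        js.mkdir()
        first = js / "autoptimize_constructed0001.js"
        first.write_text("console.log('site code');")
        os.chmod(d, 0o755)
        os.chmod(js, 0o777)       # the "left writable" case from the quoted report
        os.chmod(first, 0o644)
        baseline = snapshot(d)
        with first.open("a") as fh:
            fh.write(";/* constructed stand-in for appended code */")
        second = js / "autoptimize_constructed0002.js"
        second.write_text("var x = 1;")
        os.chmod(second, 0o644)
        return compare(baseline, snapshot(d)), world_writable(d)


if __name__ == "__main__":
    print(demo())
```

On a real site the baseline would be stored outside the web root and refreshed after each intentional cache purge, since purging legitimately replaces the files.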
