My brother ran into this while car shopping on a reputable Utah based Toyota dealership’s website. It was a powershell script that downloaded and executed something from a base64 encoded Bitly URL. Bitly took down the URL so we couldn’t see where it was redirecting.

It seems like attackers are embedding this in vulnerable legit websites

I had my pitchfork out and ticket to Jellyfinville in-hand. I read the blog post and saw this myself. I’m wondering if it’s a matter of time before they want to screw over my family though