Suspicious Title tag in Articulate Presenter 6.0.1 file - has it been hacked?

Hi, 

I'm running some old Presenter modules through the Learndash LMS running on a Wordpress site. The security plugin that I also have has just spotted some suspicious files which turn out to be Presenter files and I'm getting this critical warning message message; 

Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <TITLE>\x0a\x09Module 1: Thoughts Feelings and Ac...

The issue type is: Suspicious:HTML/suspicious.encodedTitle.7388
Description: Encoded title tag content. Often used by malware to hide actual content.

The first few lines of file are;

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<!-- saved from url=(0014)about:internet -->
<!-- Created using Articulate Presenter 6.0.1 - http://www.articulate.com -->
<!-- version: 6.0.699 -->

<TITLE>
&#77;&#111;&#100;&#117;&#108;&#101;&#32;&#50;&#58;&#32;&#84;&#117;&#110;&#105;&#110;&#103;&#32;&#105;&#110;&#32;&#116;&#111;&#32;&#121;&#111;&#117;&#114;&#32;&#84;&#104;&#111;&#117;&#103;&#104;&#116;&#115;
</TITLE>

I am correct in thinking that Presenter would NOT have created a title tag like that?

Thanks,

Bryan 

 

2 Replies
Katie Riggio

Hi Bryan,

Thanks for bringing this to our attention!

I haven't seen Presenter create title tags like those, but my team and I gathered these related FAQs with the next steps to take that should help:

If you need extra guidance, our Support Engineers are a click away and are happy to dig in! You can connect with them through this link.

Katie Riggio

Hi again, Bryan!

Out of curiosity, what security plugin are you using?

More context around my last note: If you can share the Articulate Package and published output with our Engineers, we can confirm whether or not the published output has been tampered with, as well as find out how to report a false positive in the plugin.