At the request of the company A, which found third-party links on the website that they are not placed, an investigation in order to identify the causes of most of these links.
The site was used popular engine Wordpress, where they were placed third-party links and the so-called called mobile redirect, that redirect all users to premium services, writing off funds from them. In addition, it was found that the links posted on the site, using the code of the popular Exchange links in RuNet. By communicating with content providers, service providers to monetize paid mobile applications, as well as through dialogue with the owners of affiliate programs for the exchange of links have been established the payment details through which an attacker received funds from the monetization of the hacked sites. As the payment details have been identified personality attacker. The information was passed to the customer, and later to the law enforcement authorities.