
Sucuri Blog

Website Security News

Labs Notes Monthly Recap – April/2020

May 4, 2020 by Juliana Lewis

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture.

Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs Notes are usually shorter than blog posts and they focus on a highly technical audience.

This month, our Malware Research and Incident Response teams wrote about a wide variety of topics, ranging from a COVID-19 phishing lure to Magento credit card skimmers.

Face Mask Spam Links Injected in WordPress Database

by Luke Leal

WordPress websites have been used in web spam campaigns targeting coronavirus search trends. Users are redirected to spam websites.

This spam campaign has been taking advantage of increased search queries for COVID-19 keywords and face masks. Spam links have been injected into the widgets section of the wp_options database table.

Fake License.txt File Loaded Through PHP Include

by Luke Leal

A malicious file named license.txt, named that way to deceive the webmaster, was found loaded through a PHP include on a WordPress website.

A redirect was sending visitors to a malicious website. One way to spot these attacks is by monitoring your website files daily.

Phishing with a COVID-19 Lure

by Luke Leal

A phishing lure campaign uses COVID-19 keywords to trick victims into revealing sensitive information.

This was a malicious email campaign which targeted employees of a company by impersonating an IT help desk. Under the pretense of a staff portal, victims were pulled into a scam.

Spl_autoload Backdoor

by Denis Sinegubko

Hackers created malware that allows them to upload temporary backdoor files and execute them using the spl_autoload function.

Even though this function is used to avoid malware scanners, the rest of the code would probably not go unnoticed.

Magento JavaScript Skimmer Targets Tarjetas de Crédito

by Luke Leal

A suspicious payment card form was showing up on a Magento ecommerce website.

Our researchers found out that a JavaScript injection was using a .click() event to display malicious forms on compromised Magento sites to steal credit card details.

Fake M-Shield WordPress Plugin

by Krasimir Konov

Our website security analyst describes fake WordPress plugins that hackers install on compromised sites to keep their backdoors/web shells in place.

Even if webmasters delete the backdoors, the malicious plugins recreate them every time someone visits any page of the infected WordPress site.

Web Skimmer With a Domain Name Generator – Follow Up

by Denis Sinegubko

Our malware researcher provides an update on the Magento web skimmer campaign that uses a dynamic domain name generating algorithm.

Another variation of that malware was found, with a set of domains pre-registered for use from March through December.

WordPress Admin Login Stealer

by Krasimir Konov

A WordPress admin login stealer was found injected into wp-login.php on a WordPress website.

The WordPress login stealer intercepts credentials and sends them to attackers. This WordPress malware and its variants have been distributed and used on several websites for over a year.

Categories: Website Malware Infections, Website Security

Tags: Hacked Websites, Malware Updates

About Juliana Lewis

Juliana Laraburu is Sucuri’s Marketing Content Manager who joined the company in 2015. Juliana’s main responsibilities include managing projects, keyword research, and drafting blog posts and landing pages. Her professional experience covers over five years of creating website security content. When Juliana isn’t working on Sucuri’s blog, you might find her traveling around the world or hanging out with her family. Connect with Juliana on Twitter.
