Website Security News
Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors! Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised environment and provide them a…
What is a Backdoor? A backdoor provides a shortcut for authorized or unauthorized users to gain access to an unauthorized location of a website, software, or system. There are many…
During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by…
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user…
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of…
A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this…
Read More about Fake WordPress Functions Conceal assert() Backdoor
In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized access as if they had…
Read More about “Free” Symchanger Malware Tricks Users Into Installing Backdoor
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want….
Read More about Backdoor Shell Dropper Deploys CMS-Specific Malware
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting…
Read More about Backdoor Obfuscation: tempnam & URL Encoding
The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also…
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners. The hexadecimal/decimal obfuscation is…
Read More about Smoker Backdoor: Evasion Techniques in Webshell Backdoors
