Ben Martin

About Ben Martin

Ben Martin is Sucuri’s Security Analyst who joined the company in 2013. Ben's main responsibilities include finding new undetected malware, identifying trends in the website security world, and, of course, cleaning websites. His professional experience covers more than six years of working with infected websites, writing blog posts, and taking escalated tickets. When Ben isn't slaying malware, you might find him editing audio, producing music, playing video games, or cuddling with his cat. Connect with him on Twitter

July 28, 2021Ben Martin

Stylish Magento Card Stealer loads Without Script Tags

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how…

July 21, 2021Ben Martin

Vulnerable Plugin Exploited in Spam Redirect Campaign

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we…

July 14, 2021Ben Martin

An Overview of Basic WordPress Hardening

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there…

July 7, 2021Ben Martin

Magecart Swiper Uses Unorthodox Concatenation

MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the…

June 30, 2021Ben Martin

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2

In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons behind why websites become…

June 23, 2021Ben Martin

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1

Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting…

June 17, 2021Ben Martin

Malicious Redirects Through Bogus Plugin

Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious…

May 28, 2021Ben Martin

WooCommerce Credit Card Skimmer Hides in Plain Sight

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and…

May 17, 2021Ben Martin

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which…

May 13, 2021Ben Martin

Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of…

April 14, 2021Ben Martin

WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores. Over recent years,…