Ben Martin

102 posts

Ben Martin is a security analyst and researcher who joined the company in 2013. Ben's main responsibilities include finding new undetected malware, identifying trends in the website security world, and, of course, cleaning websites. His professional experience covers more than a decade of working with infected websites of every variety with a special focus on eCommerce / credit card theft malware. When Ben isn't slaying malware you might find him producing music, gardening, or skateboarding around Victoria.

Limit Login Attempts Vulnerability – Patch Now!

Ben Martin
April 12, 2023

On April 11th, 2023, a software update was released to patch a severe vulnerability within the Limit Login Attempts WordPress security plugin. With over 600,000…

Read the Post

Elementor Pro WordPress Plugin Vulnerability

High Severity Vulnerability in WordPress Elementor Pro Patched

Ben Martin
March 31, 2023

On March 22nd, 2023 a security patch was issued for the popular website builder plugin Elementor Pro. Website administrators using this plugin should immediately patch…

Read the Post

Critical Vulnerability Discovered in WooCommerce Payments

Ben Martin
March 23, 2023

On March 22nd, 2023 a critical vulnerability was discovered within the WooCommerce Payments plugin – an extremely popular eCommerce payment plugin for WordPress with over…

Read the Post

WooCommerce Credit Card Skimmer Reveals Tampered Plugin

Ben Martin
March 21, 2023

Disclaimer: The malware infection described in this article does not affect the software plugin as a whole and does not indicate any vulnerabilities or security…

Read the Post

Magbo Spam Injection Encoded with hex2bin

Ben Martin
March 3, 2023

We recently had a new client come to us with a rather peculiar issue on their WordPress website: They were receiving unwanted popup advertisements but…

Read the Post

Attackers Abuse Cron Jobs to Reinfect Websites

Ben Martin
February 21, 2023

Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new…

Read the Post

Bogus Short URLs Redirect Thousands of Hacked Sites in AdSense Fraud Campaign

Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign

Ben Martin
February 9, 2023

Late last year we reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. The sites themselves contained…

Read the Post

Konami Code Backdoor Concealed in front.jpeg Image

Konami Code Backdoor Concealed in Image

Ben Martin
February 2, 2023

Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in…

Read the Post

New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques

Ben Martin
November 15, 2022

Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users.…

Read the Post

Massive ois[.]is Black Hat Redirect Malware Campaign

Ben Martin
November 8, 2022

Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects…

Read the Post

Wordfence Evasion Malware Conceals Backdoors

Ben Martin
October 20, 2022

Malware authors, with some notable exceptions, tend to design their malicious code to hide from sight. The techniques they use help their malware stay on…

Read the Post