Ben Martin

99 posts

Ben Martin is a security analyst and researcher who joined the company in 2013. Ben's main responsibilities include finding new undetected malware, identifying trends in the website security world, and, of course, cleaning websites. His professional experience covers more than a decade of working with infected websites of every variety with a special focus on eCommerce / credit card theft malware. When Ben isn't slaying malware you might find him producing music, gardening, or skateboarding around Victoria.

An Overview of Website Reinfection Vectors

Ben Martin
November 19, 2021

The website security landscape is as complicated as it is treacherous. We often deal with clients who become reinfected over and over again. Once the…

Read the Post

Website Security

Fake Ransomware Infection Spooks Website Owners

Ben Martin
November 15, 2021

Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results for “FOR RESTORE SEND 0.1 BITCOIN”…

Read the Post

Online Credit Card Theft - A Brief Overview of Online Fraud and Abuse

WooCommerce Skimmer Spoofs Checkout Page

Ben Martin
November 8, 2021

Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt…

Read the Post

WordPress Redirect Hack via Test0.com/Default7.com

Multistage WordPress Redirect Kit

Ben Martin
September 8, 2021

Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware…

Read the Post

Analysis of a Phishing Kit (that targets Chase Bank)

Ben Martin
September 1, 2021

Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials…

Read the Post

Website Security

A Short History of Essay Spam (How We Got from Pills to Plagiarism)

Ben Martin
August 18, 2021

From answering beginner questions like ‘What is SEO spam?’ to breaking down the spammers’ code and exactly how they hide their injections in compromised websites,…

Read the Post

Adobe Patches Critical Magento Vulnerabilities in Recent Update

Ben Martin
August 13, 2021

Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of…

Read the Post

Stylish Magento Card Stealer loads Without Script Tags

Ben Martin
July 28, 2021

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using…

Read the Post

Server Side Data Exfiltration via Telegram API

Vulnerable Plugin Exploited in Spam Redirect Campaign

Ben Martin
July 21, 2021

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file…

Read the Post

An Overview of Basic WordPress Hardening

Ben Martin
July 14, 2021

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress…

Read the Post

Magecart Swiper Uses Unorthodox Concatenation

Ben Martin
July 7, 2021

MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers…

Read the Post