Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

JavaScript Malware Switches to Server-Side Redirects & Uses DNS TXT Records as TDS

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

Denis Sinegubko
April 18, 2024

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…

Read the Post

From Web3 Drainer to Distributed WordPress Brute Force Attack

Denis Sinegubko
March 5, 2024

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…

Read the Post

Angel Drainer - from Phishing Sites to Malicious Injections

Web3 Crypto Malware: Angel Drainer Overview, Variants & Stats

Denis Sinegubko
February 21, 2024

Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware,…

Read the Post

Thousands of Sites with Popup Builder Compromised by Balada Injector

Denis Sinegubko
January 10, 2024

On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…

Read the Post

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign

Denis Sinegubko
December 14, 2023

On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…

Read the Post

40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager

Denis Sinegubko
December 7, 2023

Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…

Read the Post

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

Denis Sinegubko
October 6, 2023

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin…

Read the Post

Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign

Denis Sinegubko
September 5, 2023

Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning…

Read the Post

From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail

Denis Sinegubko
August 10, 2023

A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging…

Read the Post

SiteCheck Mid-Year Report Hacked Websites

SiteCheck Remote Website Scanner — Mid-Year 2023 Report

Denis Sinegubko
August 8, 2023

Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide…

Read the Post

Massive Google Colaboratory Abuse: Gambling and Subscription Scam

Denis Sinegubko
July 18, 2023

This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible…

Read the Post