Denis Sinegubko

187 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign

Denis Sinegubko
September 5, 2023

Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning…

From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail

Denis Sinegubko
August 10, 2023

A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging…

SiteCheck Mid-Year Report Hacked Websites

SiteCheck Remote Website Scanner — Mid-Year 2023 Report

Denis Sinegubko
August 8, 2023

Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide…

Massive Google Colaboratory Abuse: Gambling and Subscription Scam

Denis Sinegubko
July 18, 2023

This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible…

Xjquery Wave of WordPress SocGholish Injections

Denis Sinegubko
May 9, 2023

In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish…

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Denis Sinegubko
April 6, 2023

Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a…

Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network

Denis Sinegubko
January 24, 2023

Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often…

Chinese Gambling Spam Leverages World Cup Keywords

Chinese Gambling Spam Targets World Cup Keywords

Denis Sinegubko
December 2, 2022

Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese…

New Wave of SocGholish cid=27x Injections

Denis Sinegubko
November 23, 2022

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads…

Gambling SEO Spam in Visual Composer Raw HTML Element: vc_raw_html

Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]

Denis Sinegubko
September 14, 2022

Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat…

SocGholish and NDSW NDSX malware, FakeUpdates, SilverFish (SolarWind) and ransomware

SocGholish Malware: Script Injections, Domain Shadowing, IPs & Obfuscation Techniques

Denis Sinegubko
August 16, 2022

Earlier this June, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned…