Website Security News
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third party sites of their choosing — including tech support scams, adult dating,…
Read More about Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network
Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese text — changes which are…
Read More about Chinese Gambling Spam Targets World Cup Keywords
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress…
Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly…
Read More about Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
Earlier this June, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned by our remediation team in…
Read More about SocGholish: 5+ Years of Massive Website Infections
For the latest malicious scripts, check out our SiteCheck Q3 Malware Trends report. Conducting an external website scan for indicators of compromise is one of the easiest ways to identify…
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by…
Read More about Analysis of the Massive NDSW / NDSX Malware Campaign
Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located server-side, the other client-side. X-Cart’s…
Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys…
Read More about WordPress Redirect Hack via Test0.com/Default7.com
Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t appear to contain anything except…
Read More about Whitespace Steganography Conceals Web Shell in PHP Malware
During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into…
Read More about Another Credit Card Stealer That Pretends to Be Sucuri
