Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

Xjquery Wave of WordPress SocGholish Injections

Denis Sinegubko
May 9, 2023

In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish…

Read the Post

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Denis Sinegubko
April 6, 2023

Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a…

Read the Post

Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network

Denis Sinegubko
January 24, 2023

Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often…

Read the Post

Chinese Gambling Spam Leverages World Cup Keywords

Chinese Gambling Spam Targets World Cup Keywords

Denis Sinegubko
December 2, 2022

Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese…

Read the Post

New Wave of SocGholish cid=27x Injections

Denis Sinegubko
November 23, 2022

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads…

Read the Post

Gambling SEO Spam in Visual Composer Raw HTML Element: vc_raw_html

Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]

Denis Sinegubko
September 14, 2022

Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat…

Read the Post

SocGholish and NDSW NDSX malware, FakeUpdates, SilverFish (SolarWind) and ransomware

SocGholish Malware: Script Injections, Domain Shadowing, IPs & Obfuscation Techniques

Denis Sinegubko
August 16, 2022

In June 2022, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned…

Read the Post

SiteCheck Malware Trends Report – Q2 2022

Denis Sinegubko
July 7, 2022

For the latest malicious scripts, check out our SiteCheck 2023 Mid-Year Malware Trends report. Conducting an external website scan for indicators of compromise is one…

Read the Post

Analysis of the Massive NDSW / NDSX Malware Campaign

Denis Sinegubko
June 2, 2022

Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive…

Read the Post

X-Cart Skimmer with DOM-based Obfuscation

Denis Sinegubko
May 17, 2022

Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located…

Read the Post

WordPress Redirect Hack via Test0.com/Default7.com

Denis Sinegubko
June 4, 2021

Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or…

Read the Post