Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

Whitespace Steganography Conceals Web Shell in PHP Malware

Denis Sinegubko
February 2, 2021

Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t…

Read the Post

Another Credit Card Stealer That Pretends to Be Sucuri

Denis Sinegubko
November 11, 2020

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found…

Read the Post

Stylish Magento Card Stealer loads Without Script Tags

CSS-JS Steganography in Fake Flash Player Update Malware

Denis Sinegubko
November 2, 2020

This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce…

Read the Post

Skimmers in Images & GitHub Repos

Denis Sinegubko
July 22, 2020

MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue.…

Read the Post

Website Security

Dangerous Website Backups

Denis Sinegubko
July 2, 2020

It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise…

Read the Post

Evasion Tactics in Hybrid Credit Card Skimmers

Denis Sinegubko
June 5, 2020

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to…

Read the Post

Web Skimmer With a Domain Name Generator – Follow Up

Denis Sinegubko
April 23, 2020

This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst…

Read the Post

PinnacleCart Server-Side Skimmer & Backdoor

PinnacleCart Server-Side Skimmers and Backdoors

Denis Sinegubko
April 22, 2020

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online…

Read the Post

Web Skimmer with a Domain Name Generator

Denis Sinegubko
April 17, 2020

Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the…

Read the Post

Spl_autoload Backdoor

Denis Sinegubko
April 8, 2020

With backdoors, one of the main challenges for malware authors is to execute code without using obvious functions (such as eval, asset, create_function, etc.) that…

Read the Post

WordPress Database Brute Force and Backdoors

Denis Sinegubko
March 11, 2020

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However,…

Read the Post