Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

A New Wave of Buggy WordPress Infections

Denis Sinegubko
October 2, 2019

We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for…

Read the Post

TimThumb Vulnerability: Throwback Thursday

TimThumb Attacks: The Scale of Legacy Malware Infections

Denis Sinegubko
August 29, 2019

These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its…

Read the Post

Skimmers and Phishing

Denis Sinegubko
August 14, 2019

Recently, we shared a post about a network of domains used in a JavaScript credit card stealing malware campaign. These domains are all hosted on…

Read the Post

KOSONG Credit Card Stealer

Denis Sinegubko
August 12, 2019

Our security analyst Christopher Morrow recently discovered a server-side Magento skimmer that was injected into the savePayment function in the app/code/core/Mage/Checkout/Model/Type/Onepage.php file. This code emails…

Read the Post

Magento 2 PHP Skimmer Saves To Image File

Magento Skimmers: From Atob to Alibaba

Denis Sinegubko
August 7, 2019

Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function…

Read the Post

Autoloaded Server-Side Swiper

Denis Sinegubko
August 6, 2019

Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily…

Read the Post

Shoesinfy Spam Injections

Denis Sinegubko
July 24, 2019

Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a…

Read the Post

Google Analytics Swiper Disguised as Legitimate Traffic

Denis Sinegubko
July 23, 2019

At first glance, this short script looks like benign Google Analytics code: <script type=”text/javascript”> (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async =…

Read the Post

WordPress Security

Massive 1800ForBail WordPress Hacks

Denis Sinegubko
June 28, 2019

Sucuri malware analyst Kaushal Bhavsar recently brought our attention to a massive campaign responsible for adding either “1800ForBail” or “1800ForBail – One+Number” keywords to the…

Read the Post

Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites

Denis Sinegubko
June 7, 2019

This blog post talks about how a web spam campaign that targets only one country may create problems for sites owners around the world —…

Read the Post

Images Loading Credit Card Swipers

Denis Sinegubko
May 10, 2019

We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly…

Read the Post