Side Effects of the Site_url Hack
Denis Sinegubko We\’ve been cleaning many sites infected by the so-called site_url hack–the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their…
Hackers Change WordPress Siteurl to Pastebin
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net.…
Fake Wp.org/jquery.js
There is a long-lasting malware campaign (dating back to at least 2016) that injects fake jQuery scripts: <script type=”text/javascript” src=”hxxps://www.XX[X]wp[.]org/jquery.js”></script> Where XX[X] are 2 or…
Saskmade[.]net Redirects
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we…
Multiple Ways to Inject the Same Tech Support Scam Malware
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly…
Multi-Vector WordPress Infection from Examhome
This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database.> The script looks…
WordPress Database Upgrade Phishing Campaign
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks…
Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see annoying pages with random…
Fake Plugins with Popuplink.js Redirect to Scam Sites
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc…
RawGit CDN is Abused by CryptoLoot Cryptominers
Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com/<user>/<repository>/raw/…
Hiding Malware Inside Images on GoogleUserContent
If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its…