Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

CoinImp Cryptominer and Fully Qualified Domain Names

Denis Sinegubko
July 5, 2018

We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www”…

Read the Post

JQuory: Cryptomining in Nulled Themes and Plugins.

Denis Sinegubko
June 5, 2018

Three months ago b>@ninoseki</b revealed a group of sites with cryptomining scripts inside jquory.js files (yes, jquory instead of jquery). Coinhive(“I2OG8vGGXjF7wMQgL37BhqG5aVPjcoQL”) is trigged by “jquory.js”.…

Read the Post

Drupal Infections - Tech Support Redirect

Massive localstorage[.]tk Drupal Infection

Denis Sinegubko
May 8, 2018

After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: Massive…

Read the Post

From Baidu to Google’s Open Redirects

Denis Sinegubko
April 18, 2018

Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages.…

Read the Post

Unwanted Ads via Baidu Links

Denis Sinegubko
April 10, 2018

The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were…

Read the Post

GitHub Hosts Infostealers Part 2: Cryptominers and Credit Card Stealers

Denis Sinegubko
March 21, 2018

Update – March 28th, 2018: The fake Flash update files referenced in this post have been moved from GitHub to port.so[.]tl, and the bit.wo[.]tc script…

Read the Post

Website Security

GitHub Hosts Infostealer

Denis Sinegubko
March 15, 2018

A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered…

Read the Post

Website Security

Wikipedia Page Review Reveals Minr Malware

Denis Sinegubko
February 19, 2018

Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the…

Read the Post

Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins

Denis Sinegubko
February 12, 2018

On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating…

Read the Post

Cloudflare[.]solutions Keylogger Returns on New Domains

Denis Sinegubko
January 24, 2018

A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the…

Read the Post

Malicious Website Cryptominers from GitHub. Part 2.

Denis Sinegubko
January 3, 2018

Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack…

Read the Post