Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

Naive CoinHive Injections

Denis Sinegubko
December 20, 2017

Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to…

Read the Post

Reversed URLs Randomly Redirect to Scams

Denis Sinegubko
December 14, 2017

We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…

Read the Post

Malicious Cryptominers from GitHub

Denis Sinegubko
December 7, 2017

Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden…

Read the Post

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

Denis Sinegubko
December 6, 2017

Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…

Read the Post

WP-VCD Malware Comes with Nulled Themes

Denis Sinegubko
December 6, 2017

Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…

Read the Post

Fake jQuery and Google Analytics Hide Yet Another Cryptominer

Denis Sinegubko
November 24, 2017

This is a quick posts about yet another quite massive attack that installs CoinHive JavaScript Monero miners on compromised websites. You might have already read…

Read the Post

cryptominers on hacked sites blog header

Cryptominers on Hacked Sites – Part 2

Denis Sinegubko
October 25, 2017

Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised…

Read the Post

hacked website mine cryptocurrencies blog header

Hacked Websites Mine Cryptocurrencies

Denis Sinegubko
September 22, 2017

Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this every day in the…

Read the Post

abandoned scripts and pitfalls of cleaning serialized data blog post header

Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data

Denis Sinegubko
September 13, 2017

Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The…

Read the Post

Website Security

Affiliate Cookie Stuffing in iFrames

Denis Sinegubko
September 5, 2017

Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside…

Read the Post

Mining Adminers – Hackers Scan the Internet For DB Scripts

Denis Sinegubko
August 30, 2017

Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same…

Read the Post