Krasimir Konov

About Krasimir Konov

Krasimir Konov is Sucuri's Malware Analyst who joined the company in 2014. Krasimir's main responsibilities include analyzing malicious code, signature creation and documentation of malware. His professional experience covers more than 10 years in the IT field, with nine years involved in IT/cyber security. When he’s not analyzing malware or writing Labs notes, you might find Krasimir riding his motorcycle and traveling the world. Connect with him on Twitter or LinkedIn.

December 17, 2020Krasimir Konov

The Dangers of Using Abandoned Plugins & Themes

It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and we were called to investigate and clean up the site. Old and abandoned plugins and…

December 10, 2020Krasimir Konov

Malware Dropper Takes Advantage of COVID-19 Pandemic

Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading a mapping software to monitor the spread…

November 4, 2020Krasimir Konov

Legacy Mauthtoken Malware Continues to Redirect Mobile Users

During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different positions in the array. If…

October 6, 2020Krasimir Konov

Backdoor Shell Dropper Deploys CMS-Specific Malware

A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want….

September 29, 2020Krasimir Konov

Malicious Pop-up Redirects Baidu Traffic

Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. \ During a recent investigation, we came across an obfuscated pop-up…

September 25, 2020Krasimir Konov

Magento Credit Card Stealing Malware: gstaticapi

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the…

September 23, 2020Krasimir Konov

Malicious One-Liner Using Hastebin

Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently….

September 1, 2020Krasimir Konov

Using assert() to Execute Malware in PHP 7 Environments

Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular…

August 28, 2020Krasimir Konov

Persistent WordPress User Injection

Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The following code was detected at the bottom of the theme’s…

August 18, 2020Krasimir Konov

CDN-Filestore Credit Card Stealer for Magento

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal…

August 12, 2020Krasimir Konov

String Concatenation: Obfuscation Techniques

While string concatenation has many valuable applications in development — such as making code more efficient or functions more effective — it is also a popular way for attackers to…