Krasimir Konov

About Krasimir Konov

Krasimir Konov is Sucuri's Malware Analyst who joined the company in 2014. Krasimir's main responsibilities include analyzing malicious code, signature creation and documentation of malware. His professional experience covers more than 10 years in the IT field, with nine years involved in IT/cyber security. When he’s not analyzing malware or writing Labs notes, you might find Krasimir riding his motorcycle and traveling the world. Connect with him on Twitter or LinkedIn.

July 21, 2020Krasimir Konov

Malicious Magento User Creator

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company. The script is simple but very effective and can easily be overlooked as another…

July 16, 2020Krasimir Konov

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading…

June 2, 2020Krasimir Konov

Malicious Curl Downloader

If you want to easily download and save remote files, curl is an excellent command-line tool for Windows and Unix. It supports HTTP, HTTPS, and FTP protocols and allows for…

April 27, 2020Krasimir Konov

WordPress Admin Login Stealer

During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file wp-login.php to intercept the information…

April 21, 2020Krasimir Konov

Fake M-Shield WordPress Plugin

During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with malicious code hosted in the…

March 30, 2020Krasimir Konov

How to Protect Personally Identifiable Information (PII) from Search Engines

In today’s internet age we take our privacy for granted. We sign up for many services which are “free.” We participate in giveaways and generally give out information about ourselves…

March 6, 2020Krasimir Konov

Phishing and Malware via SMS Text Message

We’ve recently noticed an increase in reports of phishing and malware being distributed via SMS text messages. During one investigation, we identified fake messages sent from a random number pretending…

November 13, 2019Krasimir Konov

Malicious Android Application Used in Phishing Scam

While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process…

October 16, 2019Krasimir Konov

Cryptominers & Backdoors Found in Fake Plugins

When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in…

August 5, 2019Krasimir Konov

Malicious Plugin Used to Encrypt WordPress Posts

During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed…

August 1, 2019Krasimir Konov

EE wireless provider phishing malware

A large number of phishing targets include popular services such as banks, payment providers, and email services. In this type of attack, fraudsters create fake pages that appear to be…