Krasimir Konov

66 posts

Krasimir Konov is Sucuri's Malware Analyst who joined the company in 2014. Krasimir's main responsibilities include analyzing malicious code, signature creation and documentation of malware. His professional experience covers more than 10 years in the IT field, with nine years involved in IT/cyber security. When he’s not analyzing malware or writing Labs notes, you might find Krasimir riding his motorcycle and traveling the world. Connect with him on Twitter or LinkedIn.

Legacy Mauthtoken Malware Continues to Redirect Mobile Users

Krasimir Konov
November 4, 2020

During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different…

Read the Post

Backdoor Shell Dropper Deploys CMS-Specific Malware

Krasimir Konov
October 6, 2020

A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and…

Read the Post

Malicious Pop-up Redirects Baidu Traffic

Krasimir Konov
September 29, 2020

Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. \ During a recent investigation, we…

Read the Post

Magento 2 PHP Skimmer Saves To Image File

Magento Credit Card Stealing Malware: gstaticapi

Krasimir Konov
September 25, 2020

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.…

Read the Post

Malicious One-Liner Using Hastebin

Krasimir Konov
September 23, 2020

Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a…

Read the Post

Using assert() to Execute Malware in PHP 7 Environments

Krasimir Konov
September 1, 2020

Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x,…

Read the Post

Sucuri Labs

Persistent WordPress User Injection

Krasimir Konov
August 28, 2020

Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The following code was detected at…

Read the Post

CDN-Filestore Credit Card Stealer for Magento

Krasimir Konov
August 18, 2020

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain…

Read the Post

String Concatenation: Obfuscation Techniques

Krasimir Konov
August 12, 2020

While string concatenation has many valuable applications in development — such as making code more efficient or functions more effective — it is also a…

Read the Post

Malicious Magento User Creator

Krasimir Konov
July 21, 2020

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring…

Read the Post

Fake WordPress Plugin SiteSpeed Hosts Malicious Ads & Backdoors

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Krasimir Konov
July 16, 2020

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a…

Read the Post