Luke Leal

About Luke Leal

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

January 14, 2021Luke Leal

Real-Time Phishing Kit Targets Brazilian Central Bank

We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payment method created by the…

January 12, 2021Luke Leal

Obfuscation Techniques in Ransomweb “Ransomware”

As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major…

January 7, 2021Luke Leal

Evaluating Cookies to Hide Backdoors

Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of…

December 4, 2020Luke Leal

Obfuscation Techniques in MARIJUANA Shell “Bypass”

Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like…

December 1, 2020Luke Leal

“Free” Symchanger Malware Tricks Users Into Installing Backdoor

In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized access as if they had…

November 26, 2020Luke Leal

Hackers Love Expired Domains

Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally…

November 23, 2020Luke Leal

Hidden SEO Spam Link Injections on WordPress Sites

Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists. This is…

November 18, 2020Luke Leal

PrestaShop SuperAdmin Injector and Login Stealer

According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically…

November 9, 2020Luke Leal

Code Comments Reveal SCP-173 Malware

We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for example, a short description of…

November 5, 2020Luke Leal

ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis

We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to…

October 26, 2020Luke Leal

P.A.S. Fork v. 1.0 — A Web Shell Revival

A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most…