Luke Leal

About Luke Leal

Luke Leal is Sucuri's Malware Researchers who joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which can usually be used for content creation. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not working on remediation, attack investigations, reverse-engineering, analysis, and LAMP sysadmin, you might find Luke traveling and learning about new things. Connect with him on Twitter.

August 7, 2020Luke Leal

PHP Binary Downloader

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents. In this malware dropper file we recently…

PHP Backdoor Obfuscated One Liner

In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight…

July 30, 2020Luke Leal

SEO Hacktool: Sitemap Generator

An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has…

July 13, 2020Luke Leal

Spox Phishing Kit Harvests Chase Bank Credentials

Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in…

July 8, 2020Luke Leal

Pirated WordPress Plugins Bundled with Backdoors

One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although these are certainly two of…

May 20, 2020Luke Leal

Steam Phishing Campaign Uses CS:GO Skin Gambling Lure

Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now,…

May 15, 2020Luke Leal

WordPress Malware Collects Sensitive WooCommerce Data

During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These…

May 13, 2020Luke Leal

B374k Web Shell Packer

PHP web shells are a type of backdoor which, when left on compromised websites, allow attackers to maintain unauthorized access after initial compromise. To further evade detection, attackers may also…

YouTube Account Recovery Phishing

Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern…

April 29, 2020Luke Leal

Phishing Campaign Targets Poste Italiane & SMS OTP Verification

When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or…

April 21, 2020Luke Leal

Obfuscated WordPress Malware Dropper

It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make…