Luke Leal

About Luke Leal

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

September 22, 2020Luke Leal

Phishing Page Targets AT&T’s Employee Multi-Factor Authentication

Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others. For instance, employees at telecom companies will often have some level of elevated access that is unavailable to a…

September 18, 2020Luke Leal

The Hidden PHP Malware that Reinfects Cleaned Files

Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary…

September 16, 2020Luke Leal

phpbash – A Terminal Emulator Web Shell

It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier…

September 10, 2020Luke Leal

WordPress Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable…

August 26, 2020Luke Leal

Magento Multiversion (1.x/2.x) Backdoor

The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also…

August 20, 2020Luke Leal

COVID-19 Chloroquine Pharmaspam

A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hidden_content?100.2, shows…

August 14, 2020Luke Leal

Web Crawler & User Agent Blocking Techniques

This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being…

August 13, 2020Luke Leal

Smoker Backdoor: Evasion Techniques in Webshell Backdoors

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners. The hexadecimal/decimal obfuscation is…

August 7, 2020Luke Leal

PHP Binary Downloader

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of…

PHP Backdoor Obfuscated One Liner

In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight…

July 30, 2020Luke Leal

SEO Hacktool: Sitemap Generator

An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has…