Luke Leal

121 posts

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

Threat intelligence gathering from slight changes in malicious code samples

Luke Leal
May 24, 2019

We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…

Read the Post

array_diff_ukey Usage in Malware Obfuscation

Luke Leal
May 14, 2019

We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…

Read the Post

xmlrpc.php Brute Force Tool

Luke Leal
May 9, 2019

We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit:…

Read the Post

How Stolen Ecommerce Data is Sold on the Darknet

Luke Leal
May 1, 2019

We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals).…

Read the Post

WP Plugin Hider

Luke Leal
April 23, 2019

One of our analysts recently found an interesting injection that has been found on WordPress installations. Installed by hacker, it is used to hide a…

Read the Post

Reset Email Account Passwords After a Website Malware Infection

Luke Leal
April 22, 2019

It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners…

Read the Post

Malware Campaigns Sharing Network Resources: r00ts.ninja

Luke Leal
April 2, 2019

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign…

Read the Post

Fake Google reCAPTCHA Used in Bank Phishing

Website Security

Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware

Luke Leal
February 21, 2019

The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a…

Read the Post

Array String Obfuscation

Luke Leal
December 6, 2018

We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method…

Read the Post

Unsuccessfully Defaced Websites

Luke Leal
September 13, 2018

Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages…

Read the Post

“Google Fonts” popup leads to malware

Luke Leal
September 10, 2018

A recent malware injection in a client\’s WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access…

Read the Post