Luke Leal

121 posts

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

Obfuscation Techniques in MARIJUANA Shell “Bypass”

Luke Leal
December 4, 2020

Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This…

Read the Post

“Free” Symchanger Malware Tricks Users Into Installing Backdoor

Luke Leal
December 1, 2020

In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized…

Read the Post

Hackers Love Expired Domains

Luke Leal
November 26, 2020

Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all…

Read the Post

Hidden SEO Spam Link Injections on WordPress Sites

Luke Leal
November 23, 2020

Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search…

Read the Post

PrestaShop SuperAdmin Injector and Login Stealer

Luke Leal
November 18, 2020

According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware…

Read the Post

Code Comments Reveal SCP 173 Malware

Luke Leal
November 9, 2020

We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for…

Read the Post

Return to the City of Cron - Malware Infections on Joomla and WordPress

ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis

Luke Leal
November 5, 2020

We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly…

Read the Post

P.A.S. Fork v. 1.0 — A Web Shell Revival

Luke Leal
October 26, 2020

A PHP web shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the…

Read the Post

WordPress Redirect Hack via Test0.com/Default7.com

R_Evil WordPress Hacktool & Malicious JavaScript Injections

Luke Leal
October 22, 2020

We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for…

Read the Post

Magento Phishing Leverages JavaScript For Exfiltration

Luke Leal
October 14, 2020

During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd…

Read the Post

Redirects to YouTube Defacement Channel

Luke Leal
October 13, 2020

During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following…

Read the Post