Luke Leal

121 posts

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

GFX Xsender Hack Tool: A Spam Mailer

Luke Leal
October 1, 2020

PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack…

Read the Post

Backdoor Obfuscation: tempnam & URL Encoding

Luke Leal
September 28, 2020

In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation,…

Read the Post

Phishing Page Targets AT&T’s Employee Multi-Factor Authentication

Luke Leal
September 22, 2020

Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than…

Read the Post

W97M/Downloader Malware Dropper Served from Compromised Websites

The Hidden PHP Malware that Reinfects Cleaned Files

Luke Leal
September 18, 2020

Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if…

Read the Post

phpbash – A Terminal Emulator Web Shell

Luke Leal
September 16, 2020

It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI…

Read the Post

WordPress Redirect Hack via Test0.com/Default7.com

WordPress Malware Disables Security Plugins to Avoid Detection

Luke Leal
September 10, 2020

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if…

Read the Post

Magento Multiversion (1.x/2.x) Backdoor

Luke Leal
August 26, 2020

The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable…

Read the Post

COVID-19 Chloroquine Pharmaspam

Luke Leal
August 20, 2020

A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by…

Read the Post

From .tk Redirects to PushKa Browser Notification Scam

Web Crawler & User Agent Blocking Techniques

Luke Leal
August 14, 2020

This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t…

Read the Post

Fake WordPress Plugin SiteSpeed Hosts Malicious Ads & Backdoors

Smoker Backdoor: Evasion Techniques in Webshell Backdoors

Luke Leal
August 13, 2020

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware…

Read the Post

PHP Binary Downloader

Luke Leal
August 7, 2020

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by…

Read the Post