Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects…
It’s not uncommon to see criminals use disasters or current events to enhance their social engineering tactics, and the recent COVID-19 pandemic is no different.…
Our team recently found a malicious injection located within a PHP include. The redirect occurs via the include function, which includes a file inconspicuously named…
During a recent malware removal request, we found a compromised WordPress site being used to redirect to spam websites. The campaign was leveraging an increase…
Phishing attacks can come in all shapes and sizes. Posing a serious threat to industries large and small, phishing campaigns are the fraudulent attempt to…
When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these…
A PHP webshell is a common tool found on compromised environments. Attackers use webshells as backdoors, allowing them to maintain unauthorized access to a hacked…
One of our remediation analysts, Eli Trevino, recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the…
Our analyst Moe O recently discovered an interesting JavaScript injection that was stealing submitted payment data from visitors on a WordPress website with a WooCommerce…
Our analyst Liam Smith recently found a malicious file with the name wp-atom2.php on a compromised WordPress site that had been infected with pharma spam.…