Luke Leal

121 posts

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

Magento Login Stealer in Fake bg_white.png Image

Luke Leal
February 24, 2020

Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The…

Read the Post

CloudFlare Workers Service Korean SEO Spam

Abused Cloudflare Workers Service Used to Inject Korean SEO Spam

Luke Leal
February 13, 2020

We were recently contacted by a website owner about some malicious injected spam links that were being indexed by Google’s search engine crawler Googlebot. What…

Read the Post

Magento Credit Card Stealer: harilov[.]com

Luke Leal
February 7, 2020

Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It…

Read the Post

Email Scraper: Mass Mail Grabber from Database

Luke Leal
February 5, 2020

One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary…

Read the Post

PHP Dropper Concealed in Malicious WordPress Plugin

Luke Leal
January 30, 2020

Moe Obaid – an analyst from our Remediation Team – recently found a PHP dropper that had been installed as a malicious WordPress plugin. Unlike…

Read the Post

Webshell in Fake Plugin /blnmrpb/ Directory

Luke Leal
January 27, 2020

Our team recently discovered a web shell attempting to hide within a fake WordPress plugin directory wp-content/plugins/blnmrpb/. Inside this fake plugin directory were only two…

Read the Post

Backdoor Found in Compromised WordPress Environment

Luke Leal
January 23, 2020

Our security analyst Ben Martin recently came across a backdoor in a compromised WordPress installation that had been injected into the first line of the…

Read the Post

Malicious JavaScript Used in WP Site/Home URL Redirects

Luke Leal
January 21, 2020

Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to…

Read the Post

Simple WAF Evasion Backdoor

Luke Leal
January 17, 2020

Our team recently located a malicious PHP file on a compromised website which claims to evade web application firewalls, with the intention of downloading a…

Read the Post

DoS Tool: 403.php

Luke Leal
January 17, 2020

One of our analysts, Kaushal Bhavsar, found a malicious DoS file within a compromised website’s filesystem under the filename 403.php. Aptly named after 403 error…

Read the Post

Zen Cart “PayPal” Skimmer

Luke Leal
January 17, 2020

While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information…

Read the Post