Luke Leal

121 posts

Luke Leal is a member of the Malware Research team and joined the company in 2015. Luke's main responsibilities include threat research and malware analysis, which is used to improve our tools. His professional experience covers over eight years of deobfuscating malware code and using unique data from it to help in correlating patterns. When he’s not researching infosec issues or working on websites, you might find Luke traveling and learning about new things. Connect with him on Twitter.

Spam Doorway Manager

Luke Leal
July 25, 2019

While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…

Read the Post

Fake Google Domains Used in Evasive Magento Skimmer

Luke Leal
July 25, 2019

We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that…

Read the Post

Backdoor plugin hides from view

Luke Leal
July 24, 2019

One of the most important traits for backdoors is the ability to remain undetected by most users — otherwise it may draw suspicion and be…

Read the Post

FBCMS Pharmacy Spam Website

Luke Leal
July 23, 2019

Whenever most people think of a website CMS, they most often think of the popular options like WordPress, Joomla, or Drupal. What do all three…

Read the Post

Reset Email Account Passwords after Website Infection: Follow Up

Luke Leal
July 22, 2019

In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information…

Read the Post

Stolen Payment Data: Infected Ecommerce Website to Darknet Markets

Luke Leal
July 16, 2019

The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user…

Read the Post

Magento Killer

Luke Leal
July 10, 2019

A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites. While it doesn’t actually kill the…

Read the Post

Fake Instagram Verification

Luke Leal
June 26, 2019

Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified…

Read the Post

Cryptomining Dropper and Cronjob Creator

Luke Leal
June 19, 2019

Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU,…

Read the Post

PHP Backdoor Evaluates XOR Encrypted Requests

Luke Leal
May 29, 2019

In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code.…

Read the Post

Return to the City of Cron – Malware Infections on Joomla and WordPress

Luke Leal
May 27, 2019

We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had…

Read the Post