Peter Gramantik

About Peter Gramantik

Peter has been working in Information Security for over 12 years, currently as a Senior Malware Researcher at Sucuri. When he’s not on the clock, you can find him doing technical dives in deep and cold waters, playing guitar or ukulele, riding his Harley Davidson Sportster, or researching malware on his own. Follow him on Twitter at @petergramantik

April 4, 2018Peter Gramantik

Obfuscation Through Legitimate Appearances

Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no such core WP file like it exists: ./wp-includes/init.php Deceiving Appearances I started with a standard…

September 28, 2017Peter Gramantik

Fake Plugins, Fake Security

Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository. WordPress users are becoming increasingly more aware of…

August 30, 2016Peter Gramantik

Ask Sucuri: How Modern Web Phishing Works

Most of us have experienced some kind of phishing attempt in our online lives, and we have seen phishing grow in complexity. Usually, we notice that the login pages are…

April 22, 2016Peter Gramantik

SEO Spam Technique Designed to Avoid Detection

Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you recall when…

November 3, 2015Peter Gramantik

Return of the EXIF PHP Joomla Backdoor

Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats…

June 23, 2015Peter Gramantik

Magento Platform Targeted By Credit Card Scrapers

We’ve been writing a lot about ecommerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will be come and the more…

April 2, 2015Peter Gramantik

Website Malware – The SWF iFrame Injector Evolves

Last year, we released a post about a malware injector found in an Adobe Flash (.swf) file. In that post, we showed how a SWF file is used to inject…

March 5, 2015Peter Gramantik

Why A Free Obfuscator Is Not Always Free.

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s…

November 5, 2014Peter Gramantik

Malicious iFrame Injector Found in Adobe Flash File (.SWF)

Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iframe is used to drop a binary browser exploit…

October 27, 2014Peter Gramantik

ASP Backdoors? Sure! It’s not just about PHP

I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While…

October 24, 2014Peter Gramantik

Popular Brazilian Site “Porta dos Fundos” Hacked

A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck…