Peter Gramantik

About Peter Gramantik

Peter Gramantik is Sucuri’s Sr. Malware Researcher who joined the company in 2013. Peter’s main responsibilities include crafting signatures for new malware, and improving existing and researching new detection techniques. His professional experience covers 15 years of fighting malware. When Peter isn’t researching malware, you might find him doing technical and cave dives, riding his Harley Davidson, playing the guitar and singing in a band, or cooking BBQ for his family and friends. Connect with Peter on Twitter.

December 30, 2019Peter Gramantik

The Anatomy of Website Malware Part 2: Credit Card Stealers

One of the biggest malicious trends in the last few months and years are credit card stealers — also commonly referred to as credit card skimmers or cc stealers. In the second part of this Website Malware Anatomy series, I’m going to deconstruct several skimmers…

February 7, 2019Peter Gramantik

The Anatomy of Website Malware: An Introduction

We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose…

December 7, 2018Peter Gramantik

Fake Volkswagen Campaign Spreads Through Social Networks

We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of…

September 14, 2018Peter Gramantik

Outdated Duplicator Plugin RCE Abused

We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software:…

July 16, 2018Peter Gramantik

Persistent Malicious Redirect Variants

It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if…

April 4, 2018Peter Gramantik

Obfuscation Through Legitimate Appearances

Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no…

September 28, 2017Peter Gramantik

Fake Plugins, Fake Security

Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository. WordPress users are becoming increasingly more aware of…

September 29, 2016Peter Gramantik

Targeting mobile devices the easy way

With the outburst of mobile-only malware, we’re seeing a lot of mobile-devices targeted campaigns in last years. There are lot of ways how to make sure that the malware /…

August 30, 2016Peter Gramantik

Ask Sucuri: How Modern Web Phishing Works

Most of us have experienced some kind of phishing attempt in our online lives, and we have seen phishing grow in complexity. Usually, we notice that the login pages are…

April 22, 2016Peter Gramantik

SEO Spam Technique Designed to Avoid Detection

Ten years ago the internet looked very different than it does now. Today, web designers have more options and standards to make a website stand out. Do you recall when…

November 3, 2015Peter Gramantik

Return of the EXIF PHP Joomla Backdoor

Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats…