Puja Srivastava

31 posts

Puja Srivastava is a Security Analyst with a passion for fighting new and undetected malware threats. With over 7 years of experience in the field of malware research and security, Puja has honed her skills in detecting, monitoring, and cleaning malware from websites. Her responsibilities include website malware remediation, training, cross-training and mentoring new recruits and analysts from other departments, and handling escalations. Outside of work, Puja enjoys exploring new places and cuisines, experimenting with new recipes in the kitchen, and playing chess.

WordPress Auto-Login Backdoor Disguised as JavaScript Data File

Puja Srivastava

December 10, 2025

During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers…

Read the Post

Malvertising Campaign Hides in Plain Sight on WordPress Websites

Puja Srivastava

October 3, 2025

Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed.…

Read the Post

Hidden WordPress Backdoors Creating Admin Accounts

Puja Srivastava

September 23, 2025

During a recent cleanup of a compromised WordPress website, we discovered two different malicious files designed to silently manipulate administrator accounts. Attackers often inject such…

Read the Post

Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website

Puja Srivastava

August 13, 2025

Last month, we came across an ongoing JavaScript-based malware campaign affecting compromised websites. The malware injects a fullscreen iframe that silently loads content from a…

Read the Post

Unauthorized Admin User Created via Disguised WordPress Plugin

Puja Srivastava

July 29, 2025

Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a…

Read the Post

Uncovering a Stealthy WordPress Backdoor in mu-plugins

Puja Srivastava

July 22, 2025

Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder.…

Read the Post

WordPress Redirect Malware Hidden in Google Tag Manager Code

Puja Srivastava

July 17, 2025

Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after…

Read the Post

Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

Puja Srivastava

July 11, 2025

Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware…

Read the Post

Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor

Puja Srivastava

June 27, 2025

Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At…

Read the Post

Analysis of a Malicious WordPress Plugin: The Covert Redirector

Puja Srivastava

June 18, 2025

A few weeks ago, we received a support request from a website owner who was experiencing unexpected redirects. Visitors landed on the website normally, but…

Read the Post

Fake Java Update Popup Found in Malicious WordPress Plugin

Puja Srivastava

May 27, 2025

We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is…

Read the Post