Puja Srivastava

34 posts

Puja Srivastava is a Security Analyst with a passion for fighting new and undetected malware threats. With over 7 years of experience in the field of malware research and security, Puja has honed her skills in detecting, monitoring, and cleaning malware from websites. Her responsibilities include website malware remediation, training, cross-training and mentoring new recruits and analysts from other departments, and handling escalations. Outside of work, Puja enjoys exploring new places and cuisines, experimenting with new recipes in the kitchen, and playing chess.

Malware Intercepts Googlebot via IP-Verified Conditional Logic

Puja Srivastava

January 13, 2026

Some attackers are increasingly moving away from simple redirects in favor of more “selective” methods of payload delivery. This approach filters out regular human visitors,…

Read the Post

Google Sees Spam, You See Your Site: A Cloaked SEO Spam Attack

Puja Srivastava

January 8, 2026

We recently handled a case where a customer reported strange SEO behavior on their website. Regular visitors saw a normal site. No popups. No redirects.…

Read the Post

Fake Browser Updates Targeting WordPress Administrators via Malicious Plugin

Puja Srivastava

January 7, 2026

We recently investigated a case involving a WordPress website where a customer reported persistent fake pop-up notifications appearing on their site. The warnings were urging…

Read the Post

WordPress Auto-Login Backdoor Disguised as JavaScript Data File

Puja Srivastava

December 10, 2025

During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers…

Read the Post

Malvertising Campaign Hides in Plain Sight on WordPress Websites

Puja Srivastava

October 3, 2025

Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed.…

Read the Post

Hidden WordPress Backdoors Creating Admin Accounts

Puja Srivastava

September 23, 2025

During a recent cleanup of a compromised WordPress website, we discovered two different malicious files designed to silently manipulate administrator accounts. Attackers often inject such…

Read the Post

Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website

Puja Srivastava

August 13, 2025

Last month, we came across an ongoing JavaScript-based malware campaign affecting compromised websites. The malware injects a fullscreen iframe that silently loads content from a…

Read the Post

Unauthorized Admin User Created via Disguised WordPress Plugin

Puja Srivastava

July 29, 2025

Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a…

Read the Post

Uncovering a Stealthy WordPress Backdoor in mu-plugins

Puja Srivastava

July 22, 2025

Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder.…

Read the Post

WordPress Redirect Malware Hidden in Google Tag Manager Code

Puja Srivastava

July 17, 2025

Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after…

Read the Post

Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

Puja Srivastava

July 11, 2025

Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware…

Read the Post