Browsing Category
Website Malware Infections
857 posts
Malvertising Campaign Hides in Plain Sight on WordPress Websites
Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed.…
Hidden WordPress Backdoors Creating Admin Accounts
During a recent cleanup of a compromised WordPress website, we discovered two different malicious files designed to silently manipulate administrator accounts. Attackers often inject such…
How to Fix the “Deceptive Site Ahead” Warning
Did you just try to access your site and encounter a Deceptive Site Ahead warning? This error message occurs when the browser believes your website…
What is Phishing?
Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a…
Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website
Last month, we came across an ongoing JavaScript-based malware campaign affecting compromised websites. The malware injects a fullscreen iframe that silently loads content from a…
Unauthorized Admin User Created via Disguised WordPress Plugin
Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a…
WordPress Redirect Malware Hidden in Google Tag Manager Code
Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after…
Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors
Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware…
Attackers Inject Code into WordPress Theme to Redirect Visitors
In a recent article we discussed some of the reasons sites are frequently attacked. That article covered browser redirects, and we’ll explore an example of…
Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection
During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself…
Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At…