Leveraging Stored Procedures for Nefarious Purposes
Bruno Zanelato Here at Sucuri, we clean thousands of websites on a daily basis, and while some of them are easy to solve, others may require more…
Browsing Category
Sucuri Labs
336 posts
Malware Infection from One Directory Up
Mohit Jawanjal Malicious code can reside anywhere on the site — not just in the web directory of the folder. During a recent incident response, all pages…
Hiding a Hacktool Using a .jpg Extension
Gabriel Barbosa Hackers will do anything to hide their intentions behind the files they upload to compromised websites. This time, we’ve found a hacktool hidden inside a…
Malware Campaign Evolves to Target New Plugins: May 2019
John Castro A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. Easily automated…
Threat intelligence gathering from slight changes in malicious code samples
Luke Leal We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…
Hosting page templates causing your website ad campaign to be blocked
Cesar Anjos It’s quite common that hosting providers have templates set for pages like 40x and 50x error pages but it’s uncommon for those templates to have…
Hex’ing the CSS Style Attribute for Black Hat SEO
Ahmad Azizan Idris Dealing with Black Hat SEO injections on our daily operation is always fun and challenging at the same time. One day, we may work with…
array_diff_ukey Usage in Malware Obfuscation
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…
Images Loading Credit Card Swipers
Denis Sinegubko We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly…
xmlrpc.php Brute Force Tool
We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit:…
Fake relatable domain used to distribute ads
Krasimir Konov Malicious users try to hide their malicious scripts in many ways these days, some more clever then others, in this case we look at a…