Free Premium themes? There’s always a catch
Pedro Peixoto OK, so we’ve all been there. We want something Premium, such as a paid version of an app or piece of software, but it would…
Browsing Category
Sucuri Labs
336 posts
WP Plugin Hider
Luke Leal One of our analysts recently found an interesting injection that has been found on WordPress installations. Installed by hacker, it is used to hide a…
Defunct Malware Can Cause Problems Too
Harshad Mane Recently our incident response analyst Harshad Mane worked on a site that redirected users to a third-party malicious site whenever they logged into the WordPress…
Thousands of Redirecting Files
Denis Sinegubko We recently cleaned a site where we found thousands of malicious files with the following content: <?php header ( “HTTP/1.1 301 Moved Permanently” ) ;…
ThinkPHP 5.x – Remote Code Execution Actively Exploited In The Wild
John Castro Earlier this year, we noticed an increase in attacks aiming at ThinkPHP. ThinkPHP is a PHP framework that is very popular in Asia. If you…
Social Warfare Vulnerability Probes
After a recent disclosure of the Social Warfare plugin vulnerability, we’ve seen massive attacks that inject malicious JavaScripts into the plugin options. The vulnerability has…
Conditional redirection to an online pharmacy store
Moe O During an investigation, a client reported some weird behavior from all incoming visits during their Google search engine result clicks are instantly redirected to an…
Super Amazon Banners Plugin Gone Rogue
Krasimir Konov During a recent investigation we found the plugin Super Amazon Banners to be serving malware/spam via the domain seoranker[.]info. We suspect that the domain expired…
Multi-Vector Attack in Server Logs
We recently noticed an increase on suspicious requests in our logs which reveal a planned attack against the Social Warfare plugin. Bad actors added this…
From Fake Updates to Unwanted Redirects
At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates. In the beginning of March, the…
Fake Parameters Conceal a Backdoor
We found this backdoor in the middle of the logrss.php file that defined the JDocumentRendererRSS class. …function jregisterClass() { // merge arrays $info = array_merge($_REQUEST,$_COOKIE); //…