Spam Injector Disguised as a License Key
Moe O A client reported some weird spam URLs injected on their WordPress website and after an investigation, it turned out that the hacker was hiding the…
Browsing Category
Sucuri Labs
336 posts
Array String Obfuscation
Luke Leal We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method…
Side Effects of the Site_url Hack
Denis Sinegubko We\’ve been cleaning many sites infected by the so-called site_url hack–the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their…
Fake Wp.org/jquery.js
There is a long-lasting malware campaign (dating back to at least 2016) that injects fake jQuery scripts: <script type=”text/javascript” src=”hxxps://www.XX[X]wp[.]org/jquery.js”></script> Where XX[X] are 2 or…
Multi-Vector WordPress Infection from Examhome
This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database.> The script looks…
“Google Fonts” popup leads to malware
A recent malware injection in a client\’s WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access…
Fake Cloudflare Injection
Fioravante Souza Seeing malicious campaigns using domain names that resemble big market players is not news anymore. This time I\’ll talk about the new redirects of cloudflare.pw.****…
Obfuscated JavaScript Crypto Miner
Samuel Odendaal During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, Crypto Miners were ran on customers visiting the…
How Some OTP Systems Can Be Used to Prank Spam
I recently came across an interesting index.php file and its corresponding directory on a compromised website. I loaded it in a testing environment and immediately…
Hardening WordPress on Apache, Nginx, or IIS
Alycia Mitchell Server configuration files allow administrators to restrict access and make changes at the server level. Depending on the server software you use, there are different…
Using Innocent roles to hide admin users
Cesar Anjos All across the internet we find guides and tutorials on how to keep your WordPress site secure, and they all approach the concept of user…