Hackers Are Just as Vulnerable as You
Luke Leal I came across some interesting defacement pages recently and noticed a peculiar JavaScript injection included within each source code of the defaced websites. As shown…
Browsing Category
Sucuri Labs
336 posts
Fake Font Dropper
Moe O A website owner reached out to us to investigate a weird behavior on their site. It was randomly showing a popup window for a missing…
Magento CC Stealer Reinfector
Cesar Anjos We have seen many times in the past few months how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins,…
JQuory: Cryptomining in Nulled Themes and Plugins.
Denis Sinegubko Three months ago b>@ninoseki</b revealed a group of sites with cryptomining scripts inside jquory.js files (yes, jquory instead of jquery). Coinhive(“I2OG8vGGXjF7wMQgL37BhqG5aVPjcoQL”) is trigged by “jquory.js”.…
Cookie consent script used to distribute malware
Krasimir Konov Since the new website cookie usage regulations in the EU have come into place, many websites have added a warning on their website about how…
Server-level Cryptominer Injections
During an investigation on a recent case, we came across a malware infection that came directly from the server. Upon further inspection, we found that…
Naive CoinHive Injections
Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to…
Reversed URLs Randomly Redirect to Scams
We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…
Using Google and Facebook to aid on distribution
Fioravante Souza Every now and then I check my spam mail box for interesting malware (yes, I receive a lot of phishing messages and alerts that my…
WP-VCD Malware Comes with Nulled Themes
Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…
Backdoor using paste site to host payload
Bruno Zanelato Over the last months, we’ve been talking a lot about new ways to decode complex malwares that involve the usual PHP functions like eval, create_function,…