The elegant dropper – reusable code for PHP shell installation
Yuliyan Tsvetkov During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to…
Browsing Category
Sucuri Labs
336 posts
Simple $_COOKIE backdoor (variation)
Fernando Barbosa There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that,…
Tricky malvertising injections
Abdelli Nassereddine When a website is compromised, one of the most interesting and challenging tasks we perform is identifying all malware to prevent attackers from regaining access…
Client-Side or Server-Side Script?
Denis Sinegubko We’ve already described several times how credit card stealing malware hides a data collecting script behind an image URL. When people see URLs that end…
WordPrssAPI Steals Your Cookies
Cesar Anjos Cookies are an important part of a visiting session on a website. It is used not only to keep track of actions taken on a…
Titles, Imprints and Marks Left by Attackers
Jose Martinez Some attackers seem to like signing their scripts. This fact is especially true for defacements and backdoors, where attackers show their pride stating that they…
WebSockets, Viagra and Fake CloudFlare CDN
Recently we’ve seen some WordPress websites displaying unwanted banners at the bottom of the page which appear 15 seconds after browsing the website. Those banners…
Attackers Silently add new user with Administrator role to WordPress sites
Attackers tend to get smarter in order to avoid detection, as well as gain access to your WordPress site. They use legit functions of the…
doc.google.com.TROJAN
During an incident response process, we identified some files located at a website’s root folder. Although they had different filenames (post.php, news.php, home.php, etc), they…
Set your Cookie, Execute a Command
Backdoors evolve. They tend to get more complex, harder to understand and harder to decode, but this is not always the case. Most of the…
One, two, three… CC stolen!
Attackers work hard to make their code very well hidden from the victim and antivirus products, however they might leave some fingerprints (usually not on…