Amazon Affiliate Cookie Stuffing
Denis Sinegubko We wrote a lot about malware in invisible iframes. This story is about a different type of invisible iframes that hackers may place on your…
Browsing Category
Sucuri Labs
336 posts
Hooking WordPress Class to Hide Malicious Users
John Castro When a website is compromised, attackers perform post-exploitation tasks to maintain access to the site for as long as possible. One of these actions is…
Search and Backdoor
Luke Leal The ubiquity of “unlimited” shared hosting platforms has incentivized malware in trying to infect as many adjacent website directories as it can to increase its…
Camouflage does not have to be advanced to be effective
Often times a malware author will try to provide some type of camouflage to their malware’s coding in an effort to disguise an unsuspecting eye…
Database and Image Tricks in Magento Malware
Magento malware that steals details of customer credit cards is a prevalent problem during the last couple of years. We write a lot about various…
Spamming Stopped by Pastebin
We wrote multiple times about malware attacks that store their scripts on Pastebin.com and load them either to the server once they break into it…
Release the Prisoners – Rename .Suspected Backdoors
Andrey Kucherov When webmasters or hosting companies look for malware, they usually search for encrypted code, encoded payloads, suspicious functions and much more. If they happen to…
Web shell downloader – simple attempt to avoid detection
Yuliyan Tsvetkov When dealing with compromised scenarios, our team has to be very thorough to remove all pieces of malware in the infected website. Most of the…
Not that impressive hack tool
There is often a misconception regarding the tools that attackers implement in their malicious activity, and that misconception is that they must be using advanced…
Malicious script injected to WordPress theme allowing Admin Login Bypass
On a daily basis we find different kinds of malware like backdoors, credit card stealers, injected scripts, and phishing pages. While each one of those…
Malicious JavaScript Injected in Plugin Widget
Each and every day the attackers get more clever and exploit new attack vectors. Sucuri Labs recently found a malicious JavaScript hidden in the database…