Reflected XSS in WordPress v5.5.1 and Lower
Marc-Alexandre Montpas WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
Browsing Category
Sucuri Labs
336 posts
P.A.S. Fork v. 1.0 — A Web Shell Revival
Luke Leal A PHP web shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the…
R_Evil WordPress Hacktool & Malicious JavaScript Injections
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for…
Redirects to YouTube Defacement Channel
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following…
Backdoor Shell Dropper Deploys CMS-Specific Malware
Krasimir Konov A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and…
GFX Xsender Hack Tool: A Spam Mailer
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack…
Malicious Pop-up Redirects Baidu Traffic
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. \ During a recent investigation, we…
Backdoor Obfuscation: tempnam & URL Encoding
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation,…
Magento Credit Card Stealing Malware: gstaticapi
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.…
Malicious One-Liner Using Hastebin
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a…
Phishing Page Targets AT&T’s Employee Multi-Factor Authentication
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than…