Malicious Curl Downloader
Krasimir Konov If you want to easily download and save remote files, curl is an excellent command-line tool for Windows and Unix. It supports HTTP, HTTPS, and…
Browsing Category
Sucuri Labs
336 posts
Vulnerabilities Digest: May 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection —…
Unauthenticated Stored Cross Site Scripting in WP Product Review
During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review…
B374k Web Shell Packer
Luke Leal PHP web shells are a type of backdoor which, when left on compromised websites, allow attackers to maintain unauthorized access after initial compromise. To further…
Vulnerabilities Digest: April 2020
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By…
WordPress Admin Login Stealer
During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file…
Web Skimmer With a Domain Name Generator – Follow Up
Denis Sinegubko This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst…
Fake M-Shield WordPress Plugin
During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with…
Magento JavaScript Skimmer Targets Tarjetas de Crédito
A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were…
Spl_autoload Backdoor
With backdoors, one of the main challenges for malware authors is to execute code without using obvious functions (such as eval, asset, create_function, etc.) that…
Phishing with a COVID-19 Lure
It’s not uncommon to see criminals use disasters or current events to enhance their social engineering tactics, and the recent COVID-19 pandemic is no different.…