The Hidden PHP Malware that Reinfects Cleaned Files
Luke Leal Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if…
Browsing Category
Website Malware Infections
837 posts
phpbash – A Terminal Emulator Web Shell
It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI…
WordPress Malware Disables Security Plugins to Avoid Detection
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if…
Using assert() to Execute Malware in PHP 7 Environments
Krasimir Konov Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x,…
COVID-19 Chloroquine Pharmaspam
A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by…
CDN-Filestore Credit Card Stealer for Magento
During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain…
Smoker Backdoor: Evasion Techniques in Webshell Backdoors
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware…
String Concatenation: Obfuscation Techniques
While string concatenation has many valuable applications in development — such as making code more efficient or functions more effective — it is also a…
PHP Binary Downloader
When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by…
PHP Backdoor Obfuscated One Liner
In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands…
Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…