Magento Credit Card Stealer: harilov[.]com
Luke Leal Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It…
Browsing Category
Website Malware Infections
840 posts
Email Scraper: Mass Mail Grabber from Database
One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary…
Fixing “Uncommon Download” Warnings in Google Search Console
Alycia Mitchell Over the past few months, a lot of website owners have received “uncommon download” warnings from Google Search Console. These warnings can be vague, often…
Password Attacks 101
Cesar Anjos One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in…
PHP Dropper Concealed in Malicious WordPress Plugin
Moe Obaid – an analyst from our Remediation Team – recently found a PHP dropper that had been installed as a malicious WordPress plugin. Unlike…
Stored XSS in Elementor
Marc-Alexandre Montpas During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers…
Vulnerabilities Digest: January 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs InfiniteWP Client Login bypass 1.9.4.5 300000 ListingPro Reflected XSS 2.5.4 13000 Travel Booking Stored XSS 2.7.8.6…
Hacked Website Threat Report – 2019
Rianna MacLeod The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop…
Webshell in Fake Plugin /blnmrpb/ Directory
Our team recently discovered a web shell attempting to hide within a fake WordPress plugin directory wp-content/plugins/blnmrpb/. Inside this fake plugin directory were only two…
Web Swiper in Image Title
Denis Sinegubko Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and…
Backdoor Found in Compromised WordPress Environment
Our security analyst Ben Martin recently came across a backdoor in a compromised WordPress installation that had been injected into the first line of the…