Fake AmeriCommerce Shopping Cart
Denis Sinegubko Our malware analyst Liam Smith recently found malware on a client’s site that targets ecommerce sites powered by AmeriCommerce software. A popular ecommerce software solution…
Browsing Category
Website Malware Infections
840 posts
Simple WAF Evasion Backdoor
Luke Leal Our team recently located a malicious PHP file on a compromised website which claims to evade web application firewalls, with the intention of downloading a…
Zen Cart “PayPal” Skimmer
While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information…
Magento Skimmer Found Loading from magecart[.]net
We recently came across a simple Magento credit card skimmer found on a compromised website that was loading from the malicious domain magecart[.]net. The malicious…
Clean Logs After Rooting Bash Script
During an active research investigation, we found an interesting bash script described by the author as Clean Logs After Rooting. This script is used once…
WordPress Mass Password Changer
Our team recently came across a password changer for WordPress that allows attackers to modify WordPress user passwords within a compromised environment. By default, the…
Top 10 Sucuri Research Articles in 2019
Justin Channell As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides…
What is Cross-Site Contamination?
Juliana Lewis How many websites do you currently have on your server? If the answer is something along the lines of, “One that I really care about,…
5 Year Anniversary of the SoakSoak Malware Tsunami
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days,…
How Websites Are Used to Spread Emotet Malware
In past posts, we’ve discussed the more popular reasons why hackers target smaller websites. Today, we’ll focus instead on how hackers use compromised websites to…
Why Hackers Create Phishing Campaigns
Antony Garand Phishing is a malicious attempt to obtain personally identifiable information of a victim. The first thing to keep in mind about phishing is the goal…