PrestaShop GTAG Websocket Skimmer
Ben Martin During a recent investigation we uncovered another credit card skimmer leveraging a web socket connection to steal credit card details from an infected PrestaShop website.…
Browsing Category
Website Malware Infections
836 posts
Attackers Abuse Swap File to Steal Credit Cards
Matt Morrow When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers. Such was the case in…
New Variation of WordFence Evasion Malware
We recently came across an infected WordPress environment which contained a new variation of WordFence evasion malware using some sneaky tactics to conceal itself from…
Decoding the Caesar Cipher Skimmer
Over the last several weeks we’ve observed an interesting new variation of “gtag” credit card skimming attack with a surprisingly high number of detections so…
SocGholish Malware: What It Is & How to Prevent It
Rianna MacLeod Website malware comes in all shapes and sizes, each with its own unique methods of attack and evasion. One threat making regular headlines is SocGholish,…
2023 Hacked Website & Malware Threat Report
Education is essential for defending your website against emerging threats. That’s why we are thrilled to share our 2023 Hacked Website & Malware Threat Report.…
Hundreds of Websites Targeted by Fake Google Chrome Update Pop-Ups
Puja Srivastava Fake Browser Update campaigns are known for their deceptive tactics used by hackers to trick users into downloading malicious software. These campaigns typically involve injecting…
From Privacy to Exfiltration: Telegram’s Role in Website Malware
Krasimir Konov Telegram, a name synonymous with secure messaging, has paradoxically become a tool for cybercriminals who abuse the strengths of the platform to target unsuspecting websites.…
Server Side Credit Card Skimmer Lodged in Obscure Plugin
Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to…
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the…
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Denis Sinegubko Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…