Closed Source E-commerce Platforms Can Be Compromised
Krasimir Konov These days, the majority of store owners opt-in for the easiest closed-source ecommerce platform options. For the most part, these platforms typically allow users to…
Browsing Category
Website Malware Infections
837 posts
Malware-Serving Spam to Search Engine Bots
We recently discovered this malware with a list of IP ranges belonging to search engines that are serving them SEO spam. It even takes a…
PHP Backdoor Evaluates XOR Encrypted Requests
Luke Leal In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code.…
Malware Campaign Evolves to Target New Plugins: May 2019
John Castro A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. Easily automated…
Threat intelligence gathering from slight changes in malicious code samples
We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…
Hosting page templates causing your website ad campaign to be blocked
Cesar Anjos It’s quite common that hosting providers have templates set for pages like 40x and 50x error pages but it’s uncommon for those templates to have…
W97M/Downloader Malware Dropper Served from Compromised Websites
Bruno Zanelato W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a…
Hex’ing the CSS Style Attribute for Black Hat SEO
Ahmad Azizan Idris Dealing with Black Hat SEO injections on our daily operation is always fun and challenging at the same time. One day, we may work with…
array_diff_ukey Usage in Malware Obfuscation
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…
Images Loading Credit Card Swipers
Denis Sinegubko We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly…
xmlrpc.php Brute Force Tool
We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit:…