Cryptomining Dropper and Cronjob Creator
Luke Leal Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU,…
Browsing Category
Website Malware Infections
864 posts
Malware Infection from One Directory Up
Mohit Jawanjal Malicious code can reside anywhere on the site — not just in the web directory of the folder. During a recent incident response, all pages…
Lightbox Adware – From Innocent Scripts to Malicious Redirects
Cesar Anjos It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the…
Hiding a Hacktool Using a .jpg Extension
Gabriel Barbosa Hackers will do anything to hide their intentions behind the files they upload to compromised websites. This time, we’ve found a hacktool hidden inside a…
Stored XSS in MyBB <= 1.8.20
Marc-Alexandre Montpas The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in…
Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
Denis Sinegubko This blog post talks about how a web spam campaign that targets only one country may create problems for sites owners around the world —…
Closed Source E-commerce Platforms Can Be Compromised
Krasimir Konov These days, the majority of store owners opt-in for the easiest closed-source ecommerce platform options. For the most part, these platforms typically allow users to…
Malware-Serving Spam to Search Engine Bots
We recently discovered this malware with a list of IP ranges belonging to search engines that are serving them SEO spam. It even takes a…
PHP Backdoor Evaluates XOR Encrypted Requests
In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code.…
Malware Campaign Evolves to Target New Plugins: May 2019
John Castro A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. Easily automated…
Threat intelligence gathering from slight changes in malicious code samples
We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…