Hex’ing the CSS Style Attribute for Black Hat SEO
Ahmad Azizan Idris Dealing with Black Hat SEO injections on our daily operation is always fun and challenging at the same time. One day, we may work with…
Browsing Category
Website Malware Infections
862 posts
array_diff_ukey Usage in Malware Obfuscation
Luke Leal We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…
Images Loading Credit Card Swipers
Denis Sinegubko We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly…
xmlrpc.php Brute Force Tool
We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit:…
Replica Spam on Poorly Maintained ASP Site
Although the majority of sites we work on are powered by PHP, we still have clients whose sites use other programming languages. The other day…
Cronjob Backdoors
Cesar Anjos Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level…
How Stolen Ecommerce Data is Sold on the Darknet
We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals).…
Typo 3 Spam Infection
Ben Martin Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now…
Fake relatable domain used to distribute ads
Krasimir Konov Malicious users try to hide their malicious scripts in many ways these days, some more clever then others, in this case we look at a…
Free Premium themes? There’s always a catch
Pedro Peixoto OK, so we’ve all been there. We want something Premium, such as a paid version of an app or piece of software, but it would…
WP Plugin Hider
One of our analysts recently found an interesting injection that has been found on WordPress installations. Installed by hacker, it is used to hide a…