Side Effects of the Site_url Hack
Denis Sinegubko We\’ve been cleaning many sites infected by the so-called site_url hack–the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their…
Browsing Category
Website Malware Infections
838 posts
A Scam-Free Cyber Monday for Online Businesses
Juliana Lewis Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Black Friday…
Fake Wp.org/jquery.js
There is a long-lasting malware campaign (dating back to at least 2016) that injects fake jQuery scripts: <script type=”text/javascript” src=”hxxps://www.XX[X]wp[.]org/jquery.js”></script> Where XX[X] are 2 or…
Backdoor Uses Paste Site to Host Payload
Bruno Zanelato Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found…
Multi-Vector WordPress Infection from Examhome
This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database.> The script looks…
Outdated Duplicator Plugin RCE Abused
Peter Gramantik We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked…
Unsuccessfully Defaced Websites
Luke Leal Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages…
“Google Fonts” popup leads to malware
A recent malware injection in a client\’s WordPress file was found to be targeting website visitors that were using the Google Chrome browser to access…
How to Improve Your Website Security Posture – Part II
AJ Syed Ali In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part…
Fake Font Dropper
Moe O Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior…
Fake Plugins with Popuplink.js Redirect to Scam Sites
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc…