Super Amazon Banners Plugin Gone Rogue
Krasimir Konov During a recent investigation we found the plugin Super Amazon Banners to be serving malware/spam via the domain seoranker[.]info. We suspect that the domain expired…
Browsing Category
Website Malware Infections
862 posts
Multi-Vector Attack in Server Logs
John Castro We recently noticed an increase on suspicious requests in our logs which reveal a planned attack against the Social Warfare plugin. Bad actors added this…
![More on Dnsden[.]biz Swipers and Radix Obfuscation](https://blog.sucuri.net/wp-content/uploads/2019/03/03192019-uncommon-radixes-uses-in-malware-obfuscation-update_blog-390x183.jpg)
More on Dnsden[.]biz Swipers and Radix Obfuscation
Denis Sinegubko After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]:…
From Fake Updates to Unwanted Redirects
At the end of February, we wrote about a massive wave of site infections that pushed fake browser updates. In the beginning of March, the…
Fake Browser Updates Push Ransomware and Bank Malware
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request…
Google Analytics and Angular in Magento Credit Card Stealing Scripts
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious…
Add Security to Your Website Agency Portfolio
Eli Lopez As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How…
Fake Parameters Conceal a Backdoor
We found this backdoor in the middle of the logrss.php file that defined the JDocumentRendererRSS class. …function jregisterClass() { // merge arrays $info = array_merge($_REQUEST,$_COOKIE); //…
How to Prevent Cross-Site Contamination for Beginners
Josh Hammer What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in…
Spam Injector Disguised as License Key in WordPress Website
Moe O Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our…
Spam Injector Disguised as a License Key
A client reported some weird spam URLs injected on their WordPress website and after an investigation, it turned out that the hacker was hiding the…