Fake Browser Updates Push Ransomware and Bank Malware
Denis Sinegubko Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request…
Browsing Category
Website Malware Infections
858 posts
Google Analytics and Angular in Magento Credit Card Stealing Scripts
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious…
Add Security to Your Website Agency Portfolio
Eli Lopez As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How…
Fake Parameters Conceal a Backdoor
We found this backdoor in the middle of the logrss.php file that defined the JDocumentRendererRSS class. …function jregisterClass() { // merge arrays $info = array_merge($_REQUEST,$_COOKIE); //…
How to Prevent Cross-Site Contamination for Beginners
Josh Hammer What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in…
Spam Injector Disguised as License Key in WordPress Website
Moe O Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our…
Spam Injector Disguised as a License Key
A client reported some weird spam URLs injected on their WordPress website and after an investigation, it turned out that the hacker was hiding the…
My Website Was Hacked on Christmas Eve
Val Vesa Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree,…
Array String Obfuscation
Luke Leal We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method…
Side Effects of the Site_url Hack
We\’ve been cleaning many sites infected by the so-called site_url hack–the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their…
A Scam-Free Cyber Monday for Online Businesses
Juliana Lewis Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Black Friday…