Cookie Consent Script Used to Distribute Malware
Krasimir Konov Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to…
Browsing Category
Website Malware Infections
858 posts
Obfuscated JavaScript Crypto Miner
Samuel Odendaal During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, Crypto Miners were ran on customers visiting the…
RawGit CDN is Abused by CryptoLoot Cryptominers
Denis Sinegubko Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com/<user>/<repository>/raw/…
How Some OTP Systems Can Be Used to Prank Spam
Luke Leal I recently came across an interesting index.php file and its corresponding directory on a compromised website. I loaded it in a testing environment and immediately…
Using Innocent roles to hide admin users
Cesar Anjos All across the internet we find guides and tutorials on how to keep your WordPress site secure, and they all approach the concept of user…
Persistent Malicious Redirect Variants
Peter Gramantik It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to…
Ask Sucuri: How Do You Find Website Backdoors?
Juliana Lewis In a previous post, we have explained what website backdoors are and what they look like. Today, we want to focus on ways that we…
CoinImp Cryptominer and Fully Qualified Domain Names
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www”…
Google and Facebook Used in Phishing Campaigns
Fioravante Souza We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types…
What are Website Backdoors?
When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want…
Magento Credit Card Stealer Reinfector
In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal…