From Privacy to Exfiltration: Telegram’s Role in Website Malware
Krasimir Konov Telegram, a name synonymous with secure messaging, has paradoxically become a tool for cybercriminals who abuse the strengths of the platform to target unsuspecting websites.…
Browsing Category
Website Malware Infections
840 posts
Server Side Credit Card Skimmer Lodged in Obscure Plugin
Ben Martin Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to…
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the…
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Denis Sinegubko Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
Matt Morrow In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code —…
Web Shells: Types, Mitigation & Removal
Cesar Anjos Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These…
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise
A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss…
What is .htaccess Malware? (Detection, Symptoms & Prevention)
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with…
New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
Puja Srivastava In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was…
From Web3 Drainer to Distributed WordPress Brute Force Attack
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…
New Wave of SocGholish Infections Impersonates WordPress Plugins
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This…