From Baidu to Google’s Open Redirects
Denis Sinegubko Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages.…
Browsing Category
Website Malware Infections
862 posts
Malicious Activities with Google Tag Manager
Cesar Anjos If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say…
Cloudflare[.]solutions Keylogger Returns on New Domains
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the…
Server-level Cryptominer Injections
During an investigation on a recent case, we came across a malware infection that came directly from the server. Upon further inspection, we found that…
Malicious Website Cryptominers from GitHub. Part 2.
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack…
Reverse Javascript Injection Redirects to Support Scam on WordPress
Ben Martin Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri…
Naive CoinHive Injections
Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to…
Reversed URLs Randomly Redirect to Scams
We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…
Using Google and Facebook to aid on distribution
Fioravante Souza Every now and then I check my spam mail box for interesting malware (yes, I receive a lot of phishing messages and alerts that my…
Malicious Cryptominers from GitHub
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden…
Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites
Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…