When Online Shopping leads to Malware download
Ahmad Azizan Idris Recently, during an incident response process, we worked on an interesting Magento website. This site was reported to having a strange redirection when users visited…
Browsing Category
Website Malware Infections
858 posts
Expired Domain Leads to WordPress Plugin Redirects
Krasimir Konov A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen…
Small One-liner Backdoor
Samuel Odendaal During an incident response investigation, we detected an interesting backdoor that was small but had the potential to give the attacker full access to your…
JavaScript Used to Generate Malicious Documents
When talking about compromised environments, we often think that the website itself is the end goal but that’s not always true. In some cases, attackers…
Decoding Complex Malware – Step-by-Step
Rodrigo Escobar When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code…
Mobile Malware Targets eCommerce Websites & Users
Moe O A mobile malware is a malicious software that targets mobile/smartphones, tablets and similar devices. The attacks may vary from fatal damage to the OS (bricking)…
PHP Script Nukes All Website Files
Ben Martin Most malware and spam that we come across has some sort of discernable purpose to it, usually something which benefits the attackers financially. This is…
Register My Backdoor – Unorthodox Invocation Mechanisms
Denis Sinegubko Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to retain…
Malicious Backdoor Hidden Inside Fake Image
During an incident response investigation, we detected an interesting backdoor that was hidden in a fake image. The attacker was quite creative in creating an…
Protecting Phishing Pages via .htaccess
Yuliyan Tsvetkov Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny…
A Simple Prestashop Login Swiper
Conrado Torquato In a compromised environment, attackers may inject malicious code into different files, including the core of different CMSs, in order to maintain access to the…