Phishing the Right Phish
Fernando Barbosa Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers…
Browsing Category
Website Malware Infections
858 posts
Yet Another Expired Domain causes WP Plugin to Redirect Users
Krasimir Konov Malicious redirects are very common in compromised websites. Attackers try to take advantage of the site resources to promote spam, distribute other malware/backdoors, and perform…
When Your Plugins Turn Against You
Cesar Anjos Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations…
Undesired Redirects
Whether it is your own or a website you are visiting, undesired redirects and pop-ups are always annoying. The situation gets worse when your visitors…
How Undefined Variables Can Give You RCE
When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these…
The elegant dropper – reusable code for PHP shell installation
Yuliyan Tsvetkov During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to…
Simple $_COOKIE backdoor (variation)
There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that,…
Tricky malvertising injections
Abdelli Nassereddine When a website is compromised, one of the most interesting and challenging tasks we perform is identifying all malware to prevent attackers from regaining access…
Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing…
Client-Side or Server-Side Script?
Denis Sinegubko We’ve already described several times how credit card stealing malware hides a data collecting script behind an image URL. When people see URLs that end…
WordPrssAPI Steals Your Cookies
Cookies are an important part of a visiting session on a website. It is used not only to keep track of actions taken on a…