Backdooring sites using exotic php functions
John Castro Throughout the last few months, we published multiple articles about simple but powerful backdoors and how attackers get creative. Virtually in all cases, the code…
Browsing Category
Website Malware Infections
839 posts
Hiding malicious code from the user using white spaces
Yuliyan Tsvetkov Over the years, attackers have used different techniques for hiding malicious files on websites. They obfuscated code, changed legit functions to execute malware, modified whole…
RCE Attempts Against the Latest WordPress REST API Vulnerability
Daniel Cid We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after…
JavaScript Injections Leads to Tech Support Scam
Krasimir Konov During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular AddThis social sharing…
Checking blacklisted domains or IP for spamming
Luke Leal Often times we will encounter websites that have been injected with a redirect and these can vary from blackhat SEO tactics for boosting domain rankings…
RealStatistics Goes TrafficAnalytics
Rodrigo Escobar In the last few months, our Incident Response Team detected an interesting malicious code that affected a high number of websites. This malware is a…
Joomla admin login bypass – set your UA for full admin access
Every day we analyse hundreds of new malicious files. Some of them are simple backdoors, injected iframes, or one liner defacements. Another type of malware,…
Fake Google Analytics tracking code leading to Adware
Our Incident Response process makes sure we remove all malicious files and other small pieces of code inserted in good files that could be used…
Amazon Affiliate Cookie Stuffing
Denis Sinegubko We wrote a lot about malware in invisible iframes. This story is about a different type of invisible iframes that hackers may place on your…
Fake bb_press Plugin Redirects to Mobile Pornography
Fernando Barbosa When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access…
Hooking WordPress Class to Hide Malicious Users
When a website is compromised, attackers perform post-exploitation tasks to maintain access to the site for as long as possible. One of these actions is…