How Undefined Variables Can Give You RCE
Fernando Barbosa When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these…
Browsing Category
Website Malware Infections
865 posts
The elegant dropper – reusable code for PHP shell installation
Yuliyan Tsvetkov During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to…
Simple $_COOKIE backdoor (variation)
There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that,…
Tricky malvertising injections
Abdelli Nassereddine When a website is compromised, one of the most interesting and challenging tasks we perform is identifying all malware to prevent attackers from regaining access…
Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Cesar Anjos Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing…
Client-Side or Server-Side Script?
Denis Sinegubko We’ve already described several times how credit card stealing malware hides a data collecting script behind an image URL. When people see URLs that end…
WordPrssAPI Steals Your Cookies
Cookies are an important part of a visiting session on a website. It is used not only to keep track of actions taken on a…
Website Malware: Unwanted Exit to YourBrexit
Some website hacks aim to make some political statements. Defacements are well known for this. Some infections redirect visitors to scam sites that push (usually…
Titles, Imprints and Marks Left by Attackers
Jose Martinez Some attackers seem to like signing their scripts. This fact is especially true for defacements and backdoors, where attackers show their pride stating that they…
Malicious Image Defacement Hidden from Search Engines
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or…
WordPress Security – Unwanted Redirects via Infected JavaScript Files
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into…