Website Malware Infections- Website Security News

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign

Denis Sinegubko
December 14, 2023

On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…

Read the Post

40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager

Denis Sinegubko
December 7, 2023

Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…

Read the Post

Credit Card Skimming WooCommerce WebSockets

Skimming Credit Cards with WebSockets

Ben Martin
November 30, 2023

If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with…

Read the Post

New Guide How to Clean Malware from Hacked Database

New Hacked Database Guide

Rianna MacLeod
November 2, 2023

Your website’s database is a treasure trove of valuable information. However, this also makes it a prime target for hackers looking to steal sensitive data…

Read the Post

FakeUpdateRU Infection Spreads Trojan Malware

FakeUpdateRU Chrome Update Infection Spreads Trojan Malware

Ben Martin
October 25, 2023

Fake Google chrome update malware, often associated with the notorious SocGholish infection, is something that we have been tracking for a number of years. It…

Read the Post

Tampered OpenCart Authentication Aids Credit Card Skimming Attack

Ben Martin
October 19, 2023

Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the…

Read the Post

Malware hidden in non-executable .txt and .log files

Shifting Malware Tactics & Use of Non-Executable .txt & .log Files

Krasimir Konov
October 17, 2023

The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware…

Read the Post

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

Denis Sinegubko
October 6, 2023

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin…

Read the Post

How to Find & Fix Japanese SEO Spam

Puja Srivastava
September 19, 2023

Japanese SEO Spam, also known as “Japanese keyword hack” or “Japanese SEO poisoning,” is a spammy search engine optimization technique used by black hat SEO…

Read the Post

Magecart stealing credit card information with a single white invisible pixel

Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images

Ben Martin
September 12, 2023

MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or…

Read the Post

Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign

Denis Sinegubko
September 5, 2023

Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning…

Read the Post