Code Comments Reveal SCP 173 Malware
Luke Leal We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for…
Browsing Category
Website Security
1021 posts
ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly…
Legacy Mauthtoken Malware Continues to Redirect Mobile Users
Krasimir Konov During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different…
CSS-JS Steganography in Fake Flash Player Update Malware
Denis Sinegubko This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce…
Reflected XSS in WordPress v5.5.1 and Lower
Marc-Alexandre Montpas WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
P.A.S. Fork v. 1.0 — A Web Shell Revival
A PHP web shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the…
Password Security & Password Managers
Art Martori In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of…
R_Evil WordPress Hacktool & Malicious JavaScript Injections
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for…
A Quick Glance at Cross-Origin Resource Sharing Security Headers
Northon Torga Thanks to the rapid growth of JavaScript frameworks such as Angular, Vue, and React, CORS has become a popular word in the developer’s vocabulary. When…
Securing Your Online Store for the Holidays
Victor Santoyo Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing…
Magento Phishing Leverages JavaScript For Exfiltration
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd…