Plugins added to Malware Campaign: November 2019
John Castro This is an update for the long-lasting malware campaign targeting vulnerable plugins since January. Please check our previous updates below: Multi-Vector Attack in Server Logs:…
Browsing Category
WordPress Security
674 posts
Another Fake Google Domain: fonts.googlesapi.com
Luke Leal Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing…
Wrong content-type to XSS
WordPress Social Sharing Plugin – Sassy Social Share, which currently has over 100000 installations just fixed a Cross Site Scripting Vulnerability. This bug allows attackers…
Vulnerable Versions of Adminer as a Universal Infection Vector
Denis Sinegubko This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting…
Skimmers for Both Magento and WordPress
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers…
Plugins added to Malware Campaign: October 2019
This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…
Pharma Spam Redirects to .su & .eu Sites
We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy”…
Data URLs and HTML Entities in New WordPress Malware
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first…
Fake UpdraftPlus Plugins
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins…
Cryptominers & Backdoors Found in Fake Plugins
Krasimir Konov When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also…
Plugins added to Malware Campaign: September 2019
This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…