Fake Plugins with Popuplink.js Redirect to Scam Sites
Denis Sinegubko Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc…
Browsing Category
WordPress Security
651 posts
RawGit CDN is Abused by CryptoLoot Cryptominers
Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com/<user>/<repository>/raw/…
Using Innocent roles to hide admin users
Cesar Anjos All across the internet we find guides and tutorials on how to keep your WordPress site secure, and they all approach the concept of user…
WordPress Update – 4.9.7 Security & Maintenance Release
Marc-Alexandre Montpas The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included in this release…
CoinImp Cryptominer and Fully Qualified Domain Names
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www”…
Google and Facebook Used in Phishing Campaigns
Fioravante Souza We’ve all seen sketchy looking emails or texts with malicious links to click on. There are still people who fall for these more obvious types…
JQuory: Cryptomining in Nulled Themes and Plugins.
Three months ago b>@ninoseki</b revealed a group of sites with cryptomining scripts inside jquory.js files (yes, jquory instead of jquery). Coinhive(“I2OG8vGGXjF7wMQgL37BhqG5aVPjcoQL”) is trigged by “jquory.js”.…
Unwanted Ads via Baidu Links
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were…
Obfuscation Through Legitimate Appearances
Peter Gramantik Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder.…
New Guide on How to Clean a Hacked Website
Juliana Lewis Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research…
Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating…