Unwanted Ads via Baidu Links
Denis Sinegubko The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were…
Browsing Category
WordPress Security
666 posts
Obfuscation Through Legitimate Appearances
Peter Gramantik Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder.…
New Guide on How to Clean a Hacked Website
Juliana Lewis Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research…
Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating…
SQLi Vulnerability in YITH WooCommerce Wishlist
John Castro As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress.…
Malicious Website Cryptominers from GitHub. Part 2.
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack…
Reverse Javascript Injection Redirects to Support Scam on WordPress
Ben Martin Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri…
Javascript Injection Creates Rogue WordPress Admin User
Douglas Santos Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection…
Reversed URLs Randomly Redirect to Scams
We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…
Malicious Cryptominers from GitHub
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden…
Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites
Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…