Malicious Website Cryptominers from GitHub. Part 2.
Denis Sinegubko Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack…
Browsing Category
WordPress Security
672 posts
Reverse Javascript Injection Redirects to Support Scam on WordPress
Ben Martin Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri…
Javascript Injection Creates Rogue WordPress Admin User
Douglas Santos Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection…
Reversed URLs Randomly Redirect to Scams
We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…
Malicious Cryptominers from GitHub
Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden…
Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites
Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…
WP-VCD Malware Comes with Nulled Themes
Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…
Formidable Forms / Shortcodes Ultimate Exploits In The Wild
Marc-Alexandre Montpas On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are…
SQL Injection in bbPress
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If…
New wave of wp-vcd Malware
Krasimir Konov Recently we saw a new wave of a known malware that injects malicious WordPress admin users to vulnerable or compromised sites.The malware, well analysed by…
New WordPress Security Guide
Rianna MacLeod WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a…