Web shell downloader – simple attempt to avoid detection
Yuliyan Tsvetkov When dealing with compromised scenarios, our team has to be very thorough to remove all pieces of malware in the infected website. Most of the…
What is Steganography? (Or, How Hackers Hide Malware On Websites)
Rianna MacLeod As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to…
Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS
Puja Srivastava We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a…
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise
Ben Martin A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss…
WordPress Vulnerability & Patch Roundup March 2024
Sucuri Malware Research Team Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
What is .htaccess Malware? (Detection, Symptoms & Prevention)
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with…
What is php.ini? Where It’s Located, How to Edit & Common Directives
The php.ini file, a critical configuration file containing your web server’s PHP settings, is integral to the functioning of your website. Each time PHP initiates,…
Sucuri WordPress Plugin Updates for 2024
At Sucuri, we believe in making the internet safe for everyone. One way we show this is through our free WordPress security plugin. The Sucuri…
What is File Integrity Monitoring (FIM)?
What is file integrity monitoring? File Integrity Monitoring (FIM) is a security measure that checks and compares files against a known baseline to detect any…
New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was…
From Web3 Drainer to Distributed WordPress Brute Force Attack
Denis Sinegubko Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…