WordPress Admin Login Stealer
Krasimir Konov During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file…
Duplicated Vulnerabilities in WordPress Plugins
Antony Garand During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.…
Web Skimmer With a Domain Name Generator – Follow Up
Denis Sinegubko This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst…
PinnacleCart Server-Side Skimmers and Backdoors
While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online…
Fake M-Shield WordPress Plugin
During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with…
Obfuscated WordPress Malware Dropper
Luke Leal It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating…
Magento JavaScript Skimmer Targets Tarjetas de Crédito
A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were…
Web Skimmer with a Domain Name Generator
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the…
OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects…
Analysis of a WordPress Credit Card Swiper
Ben Martin While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card…
Spl_autoload Backdoor
With backdoors, one of the main challenges for malware authors is to execute code without using obvious functions (such as eval, asset, create_function, etc.) that…