Website Security News
A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most popular PHP web shells, like WSO or b374k. After all, if these popular (and readily…
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect. However,…
Read More about R_Evil WordPress Hacktool & Malicious JavaScript Injections
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a…
Read More about Magento Phishing Leverages JavaScript For Exfiltration
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML: <meta http-equiv=’refresh’…
Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides…
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want….
Read More about Backdoor Shell Dropper Deploys CMS-Specific Malware
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the…
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. \ During a recent investigation, we came across an obfuscated pop-up…
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting…
Read More about Backdoor Obfuscation: tempnam & URL Encoding
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the…
Read More about Magento Credit Card Stealing Malware: gstaticapi
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently….
