Website Security News
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want. Another common scenario includes malware which is directly injected into a website’s files and used…
Read More about Backdoor Shell Dropper Deploys CMS-Specific Malware
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading…
Read More about Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or…
Read More about Phishing Campaign Targets Poste Italiane & SMS OTP Verification
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make…
When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these are not the only methods…
We were recently contacted by a website owner about some malicious injected spam links that were being indexed by Google’s search engine crawler Googlebot. What was especially frustrating for the…
Read More about Abused Cloudflare Workers Service Used to Inject Korean SEO Spam
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities…
There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be…
During an investigation, a client reported some weird behavior from all incoming visits during their Google search engine result clicks are instantly redirected to an online pharmacy store. This occurred…
Read More about Conditional redirection to an online pharmacy store
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team,…
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a…
Read More about Fake Browser Updates Push Ransomware and Bank Malware
