Malicious Injection Redirects Traffic via Parked Domain
Puja Srivastava During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The…
Browsing Tag
Labs Note
298 posts
Backdoor Targets FreePBX Asterisk Management Portal
Krasimir Konov Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows…
Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
Denis Sinegubko Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat…
Phishing & Malspam with Leaf PHPMailer
Luke Leal It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click…
Magento PHP Injection Loads JavaScript Skimmer
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP…
Evaluating Cookies to Hide Backdoors
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often…
Malware Dropper Takes Advantage of COVID-19 Pandemic
Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading a mapping…
Fake WordPress Functions Conceal assert() Backdoor
Douglas Santos A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.…
Obfuscation Techniques in MARIJUANA Shell “Bypass”
Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This…
Hackers Love Expired Domains
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all…
Hidden SEO Spam Link Injections on WordPress Sites
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search…