Website Security News
Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly find on compromised sites involves spammy links hidden inside a <div> with the following style…
Read More about Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download…
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the…
Read More about Magento PHP Injection Loads JavaScript Skimmer
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of…
Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading a mapping software to monitor the spread…
Read More about Malware Dropper Takes Advantage of COVID-19 Pandemic
A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this…
Read More about Fake WordPress Functions Conceal assert() Backdoor
Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like…
Read More about Obfuscation Techniques in MARIJUANA Shell “Bypass”
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally…
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists. This is…
Read More about Hidden SEO Spam Link Injections on WordPress Sites
According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically…
Read More about PrestaShop SuperAdmin Injector and Login Stealer
We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation,…
