What Motivates Website Malware Attacks?
Ben Martin The depiction in the media of hackers tends to be that of balaclava-wearing villains who type furiously in a dark basement, motivated by nothing but…
Browsing Tag
Malware
214 posts
Fake Java Update Popup Found in Malicious WordPress Plugin
Puja Srivastava We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is…
Fake Google Meet Page Tricks Users into Running PowerShell Malware
Last month, a customer reached out to us after noticing suspicious URLs on their WordPress site. Visitors reported being prompted to perform unusual actions. We…
Another Fake Cloudflare Verification Targets WordPress Sites
Kayleigh Martin A new Cloudflare infection has once again been targeting WordPress sites. This new iteration of malware mimics a legitimate-looking Cloudflare verification page, which then tricks…
Fake GIF Leveraged in Multi-Stage Reverse-Proxy Card Skimming Attack
In today’s post we’re going to review a sophisticated, multi-stage carding attack on a Magento eCommerce website. This malware leveraged a fake gif image file,…
Fake Font Domain Used to Skim Credit Card Data
Recently, a client of ours came to us concerned about credit card theft on their WordPress site. The client’s users reported that their credit card…
Hidden Malware Strikes Again: Mu-Plugins Under Attack
At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors…
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
Today’s blog post will be a follow up to a previous article we posted a few weeks ago: We continue to see new variants of…
Credit Card Skimmer and Backdoor on WordPress E-commerce Site
The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files…
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted…
Fake WordPress Plugin Impacts SEO by Injecting Casino Spam
Injecting malware via a fake WordPress plugin has been a common tactic of attackers for some time. This clever method is often used to bypass…