WordPress PBN Plugin Drops Dual Webshells via Database Injection
Puja Srivastava During a recent incident response engagement, our team uncovered a multi-stage WordPress infection that goes beyond the usual file-based malware. The attacker combined a fake…
Browsing Tag
Malware Cleanup
79 posts
My Website Is Hosting a Phishing Page – Now What?
Sucuri Most phishing advice is written for the person staring at a suspicious email. This guide is for the other kind of victim: The website owner…
Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors
Overview During a recent malware cleanup investigation, we encountered a compromised Joomla website where the site owner reported a strange issue. Their website displayed a…
Web Shells: Types, Mitigation & Removal
Cesar Anjos Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These…
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
Last month, while working on a WordPress cleanup case, a customer reached out with a strange complaint: their website looked completely normal to them and…
Malware Intercepts Googlebot via IP-Verified Conditional Logic
Some attackers are increasingly moving away from simple redirects in favor of more “selective” methods of payload delivery. This approach filters out regular human visitors,…
WordPress Auto-Login Backdoor Disguised as JavaScript Data File
During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers…
Unauthorized Admin User Created via Disguised WordPress Plugin
Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a…
7 Steps to Remove Malware from WordPress
Kyle Knight If you’ve ever had your website compromised by malware, you know the sheer panic it can cause. But don’t worry, you’re not alone. More importantly…
How to Fix Google Ads Disapproved Due to Malicious or Unwanted Software
Originally published: January 16, 2024 by Rianna MacLeod Were your Google Ads just disapproved after a website compromise? Or, are you seeing policy violations for…
Hacked Website Threat Report – 2022
Rianna MacLeod Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this…