Website Security News
PHP web shells are a type of backdoor which, when left on compromised websites, allow attackers to maintain unauthorized access after initial compromise. To further evade detection, attackers may also choose to keep a packer script on a compromised website instead of the actual PHP…
During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with malicious code hosted in the…
Moe Obaid – an analyst from our Remediation Team – recently found a PHP dropper that had been installed as a malicious WordPress plugin. Unlike other fake plugins we’ve recently…
Read More about PHP Dropper Concealed in Malicious WordPress Plugin
The majority of malware we find on compromised websites have been planted by bad actors with the intention of concealing and accessing backdoor access. During a recent investigation, we found…
A website owner reached out to us to investigate a weird behavior on their site. It was randomly showing a popup window for a missing font and telling the visitors…
During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to avoid detection and maintain access…
Read More about The elegant dropper – reusable code for PHP shell installation
