An attacker’s key to creating a profitable malware campaign is persistence. Malicious code that is easily detected and removed will not generate enough value for the attacker. This is the reason why we are seeing more and more malware using creative backdoor techniques, different obfuscation methods, and using unique approaches to increase the lifespan of any given attack.
Today we found this malware; a simple, but heavily encoded SPAM injector that was prepended to a valid Joomla File. Yes, nothing new, we have thousands of blog posts that show this kind of malware: