Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Denis Sinegubko Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a…
Browsing Tag
Obfuscation
102 posts
Attackers Abuse Cron Jobs to Reinfect Websites
Ben Martin Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new…
The Dangers of Installing Nulled Themes & Plugins On WordPress
Nathan Chaddock Nulled WordPress themes and plugins are a controversial topic for many in the web development world — and arguably one of the bigger threats to…
Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign
Late last year we reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. The sites themselves contained…
Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often…
How to Fix & Remove the “Click Allow If You Are Not a Robot” Redirect
Eli Trevino Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which have been obfuscated to make it more…
New Wave of SocGholish cid=27x Injections
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads…
Examining Less-Common WordPress Credit Card Skimmers
Since 2020 considerable attention has been spent analysing the emergence of MageCart malware within WordPress environments which most commonly affects sites using WooCommerce. As demonstrated…
SocGholish Malware: Script Injections, Domain Shadowing, IPs & Obfuscation Techniques
Earlier this June, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned…
PrestaShop Skimmer Concealed in One Page Checkout Module
Matt Morrow PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While…
Analysis of the Massive NDSW / NDSX Malware Campaign
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive…