Website Security News
A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation. Malware in Database Tables As is…
Read More about Bogus CSS Injection Leads to Stolen Credit Card Details
We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for example, a short description of…
This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable…
Read More about CSS-JS Steganography in Fake Flash Player Update Malware
A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most…
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. \ During a recent investigation, we came across an obfuscated pop-up…
Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There still are security…
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable…
Read More about WordPress Malware Disables Security Plugins to Avoid Detection
Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular…
Read More about Using assert() to Execute Malware in PHP 7 Environments
During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal…
Read More about CDN-Filestore Credit Card Stealer for Magento
This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being…
Read More about Web Crawler & User Agent Blocking Techniques
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners. The hexadecimal/decimal obfuscation is…
Read More about Smoker Backdoor: Evasion Techniques in Webshell Backdoors
