Fake WordPress Caching Plugin Used to Steal Admin Credentials
Matt Morrow A common trend we see is that bad actors will upload malicious plugins to WordPress sites. These plugins serve a wide variety of functions from…
Browsing Tag
Obfuscation
113 posts
The Security Risks of Using Nulled WordPress Plugins
Kyle Knight The prospect of obtaining premium features without spending a dime is tempting. Nulled WordPress plugins and themes, often being advertised as the no cost versions…
Thousands of Sites with Popup Builder Compromised by Balada Injector
Denis Sinegubko On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer
Ben Martin One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus…
40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…
Skimming Credit Cards with WebSockets
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with…
Shifting Malware Tactics & Use of Non-Executable .txt & .log Files
Krasimir Konov The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware…
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin…
Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or…
Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign
Since September 2022, our team has been tracking a bogus URL shortener redirect campaign that started with just a single domain: ois[.]is. By the beginning…
Remote Code Execution Backdoor Uses Unicode Obfuscation & Non-Standard File Extensions
Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good…