
Compromised OpenCart Payment Module Steals Credit Card Information

Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being compromised from their checkout page. The website owner had even been contacted by a major

From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail

A vast majority of website malware employs the ever-familiar HTTP/HTTPS protocols for its malicious activities. But we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of

SiteCheck Remote Website Scanner — Mid-Year 2023 Report

Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive a scan as server-side scanners, they allow users to instantly identify malicious

Abandoned US Congressional Website Used in Asian Gambling Spam Infection

Website owners and developers tend to buy a lot of domains. With different projects on the go and working with multiple different clients at any given time, it can be a challenge to keep track of all your inventory. Sadly,

How to Recognize & Avoid Phishing Emails: A Cautionary Tale

We’ve all received spam and phishing emails — our inboxes are often full of them. They let us know that our package is being delivered (even when we haven’t ordered anything), provide details on our “recent” tax filing (that was

Massive Google Colaboratory Abuse: Gambling and Subscription Scam

This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file: This script fetches a list of links

Malicious Injection Redirects Traffic via Parked Domain

During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The malware was found hijacking the website’s traffic, redirecting visitors via a parked third-party domain to

Demystifying Website Hacktools: Types, Threats, and Detection

When we think about website malware, visible infection symptoms most often come to mind: unwanted ads or pop-ups, redirects to third-party sites, or spam keywords in search results. However, in some cases these very symptoms are the results of

Vulnerability in Essential Addons for Elementor Leads to Mass Infection

On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post.

Websites Defaced with Belarusian Bottled Water Company Content

It’s not often that we get the opportunity to write about website defacements on this blog. Defacements — where a website homepage is replaced with a hacker logo or some sort of political or religious message — are usually fairly

What is Steganography? (Or, How Hackers Hide Malware On Websites)

As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to jot down my secret message. When combined with a simple heat source (I used the

Limit Login Attempts Vulnerability – Patch Now!

On April 11th, 2023, a software update was released to patch a severe vulnerability within the Limit Login Attempts WordPress security plugin. With over 600,000 installations, it’s among the most popular WordPress plugins in use to help prevent unauthorized access

Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign

Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long-lasting massive WordPress infection

WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin

Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions.

How to Know If You’re Under DDoS Attack

Nowadays, the term DDoS raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, shut down, or dysfunctional website. In

Magbo Spam Injection Encoded with hex2bin

We recently had a new client come to us with a rather peculiar issue on their WordPress website: They were receiving unwanted popup advertisements, but only when the website was accessed through links posted on Facebook. Initially we thought that

Is My Site Hacked? (13 Signs)

Symptoms of a hack can vary wildly. A concerning security alert from Google, a browser warning when you visit your site, or even a notice from your hosting provider that they’ve taken down your website — all of these events

Attackers Abuse Cron Jobs to Reinfect Websites

Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a