One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It’s another lesson for web users to be careful what they Continue reading Mal.Metrica Redirects Users to Scam Sites
Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of Continue reading JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code — for example, the miscellaneous scripts area of the Magento admin panel, or WordPress plugins such Continue reading Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to Continue reading Web Shells: Types, Mitigation & Removal
We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in ecommerce as well, thanks to the adoption of Woocommerce and other plugins Continue reading Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with black hat SEO tactics, or inject content — the range of possibilities for misuse is Continue reading What is .htaccess Malware? (Detection, Symptoms & Prevention)
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve Continue reading New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version Continue reading From Web3 Drainer to Distributed WordPress Brute Force Attack
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at Continue reading New Wave of SocGholish Infections Impersonates WordPress Plugins
Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware, spread across multiple campaigns, uses crypto drainers to steal and redistribute assets from compromised wallets. Continue reading Web3 Crypto Malware: Angel Drainer – From Phishing Sites to Malicious Injections
Remote Access Trojans (RATs) are a serious threat capable of giving attackers control over infected systems. This malware stealthily enters systems (often disguised as legitimate software or by exploiting a vulnerability in the system) and opens backdoors for attackers to Continue reading Remote Access Trojan (RAT): Types, Mitigation & Removal
Experiencing a “This account has been suspended” warning on your website can be both confusing and alarming. This message means that your hosting provider has put your site on a temporary hold. The reasons for an account suspension can range Continue reading Fixing Website Hosting Issues: “This Account Has Been Suspended”
One of the most frequent problems that we observe in website hosting environments is “cross contamination” — the lateral movement of an attacker between websites. Cross-site contamination occurs when a site is infected by neighboring sites within the same hosting Continue reading The Dangers of Lateral Movement & Website Cross Contamination
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector Continue reading Thousands of Sites with Popup Builder Compromised by Balada Injector
One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus administrator user. It was also found injecting sophisticated credit card skimming JavaScript into the website’s Continue reading MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer
On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) Continue reading Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager, Continue reading 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the Continue reading Skimming Credit Cards with WebSockets
The digital world isn’t all rainbows, unicorns, and cat gifs; it also has a dark side. As threats become increasingly sophisticated, website owners and administrators need to up their game. That’s why we’ve created this tailored email course — to Continue reading New Email Course: Common Website Threats & Malware
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to secure your site and server from attacks and malware. In today’s post, we’ll be outlining Continue reading How to Harden & Secure a Website (12 Steps)