Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of Continue reading JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) Continue reading Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign
Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It’s not uncommon to employ the use of Continue reading Tampered OpenCart Authentication Aids Credit Card Skimming Attack
In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin for the popular tagDiv premium themes Newspaper and Newsmag). Shortly after that, we started noticing Continue reading Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good malware does best! We have recently observed attackers leveraging both excessive amounts of unicode as Continue reading Remote Code Execution Backdoor Uses Unicode Obfuscation & Non-Standard File Extensions
Attackers are always finding new and creative ways to compromise websites and maintain their foothold in environments. This is frequently done via the use of backdoors: PHP scripts designed to allow attackers access and control even after you’ve changed your Continue reading Massive Abuse of an Abandoned Eval PHP WordPress Plugin
Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This Continue reading Hacked Website Threat Report – 2022
Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a Continue reading Attackers Abuse Cron Jobs to Reinfect Websites
Nulled WordPress themes and plugins are a controversial topic for many in the web development world — and arguably one of the bigger threats to WordPress security. Essentially modified versions of official WordPress themes and plugins with their licensing restrictions Continue reading The Dangers of Installing Nulled WordPress Themes and Plugins
Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in this case — unorthodox use of image file extensions. One of the most common backdoors Continue reading Konami Code Backdoor Concealed in Image
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third party sites of their choosing — including Continue reading Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network
Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows users to build customer phone systems. During a recent investigation, I came across a simple Continue reading Backdoor Targets FreePBX Asterisk Management Portal
Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates infect the victim’s computer with various types of malware including Continue reading New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques
Malware authors, with some notable exceptions, tend to design their malicious code to hide from sight. The techniques they use help their malware stay on the victim’s website for as long as possible and ensure execution. For example — obfuscation Continue reading Wordfence Evasion Malware Conceals Backdoors
WordPress security is serious business – and an essential consideration for anyone using the world’s most popular CMS (Content Management System). While the WordPress team quickly addresses known security issues in WordPress’ core to protect the millions of website owners Continue reading Top 5 Most Common WordPress Malware Infections: An Anatomy Lesson
The AnonymousFox hack targets insecure websites and actively exploits them to spread phishing, spam, and other malware. A major nuisance for website owners, it also happens to be one of the more prevalent types of malware seen on client sites Continue reading How to Find & Clean Up the AnonymousFox Hack
The threat landscape is constantly shifting. As attackers continue to hone their tools and exploit new vulnerabilities, our team works diligently to identify and analyze threats posed to webmasters. So – what do you need to do to stay one Continue reading 2021 Threat Report Webinar
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their Continue reading Analysis of the Massive NDSW/NDSX Malware Campaign