Weebly is an easy-to-use website builder that allows admins to quickly create and publish responsive blogs and sites. Website builder environments are usually considered to be very safe and not prone to malware infections, but during a recent investigation I Continue reading Finding & Removing Malware From Weebly Sites
A recent infection has been making its rounds across vulnerable WordPress sites, detected on over 160 websites so far at the time of writing. The infection is injected at the top of legitimate JavaScript files and executes a script from Continue reading Fake jQuery Domain Redirects Site Visitors to Scam Pages
Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows users to build customer phone systems. During a recent investigation, I came across a simple Continue reading Backdoor Targets FreePBX Asterisk Management Portal
Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which have been obfuscated to make it more difficult for webmasters to detect or understand. Obfuscation can take many forms, such as encrypting Continue reading Infected WordPress Plugins Redirect to Push Notification Scam
Since 2018, our team has been tracking an interesting type of website infection where the tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code. However, Continue reading Chinese Gambling Spam Targets World Cup Keywords
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, Continue reading New Wave of SocGholish cid=27x Injections
Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates infect the victim’s computer with various types of malware including Continue reading New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. Continue reading Massive ois[.]is Black Hat Redirect Malware Campaign
There appears to be a general misunderstanding among internet users about the difference between malware and viruses. The two terms are often used interchangeably — and to an extent, this is perfectly fine. But in today’s article, we’ll be clarifying Continue reading Malware vs Virus: What’s the Difference?
Malware authors, with some notable exceptions, tend to design their malicious code to hide from sight. The techniques they use help their malware stay on the victim’s website for as long as possible and ensure execution. For example — obfuscation Continue reading Wordfence Evasion Malware Conceals Backdoors
Imagine for a moment that you’re searching for a topic. You find what you’re looking for on the first page of Google’s search results and click through to the website. But instead of the expected web page, you find yourself Continue reading What is the 503 Service Unavailable Error & How to Fix It
The attack is simple: when browsing an infected website, the user receives a notification that insists they must download a file to continue to access the content. What they don’t know is that the file is actually a Remote Access Continue reading New Malware Variants Serve Bogus CloudFlare DDoS Captcha
All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and Continue reading A Guide to Virtual Patching for Website Vulnerabilities
Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a detailed security announcement on September 13th, 2022. The attack is estimated to have occurred on Continue reading Magento Supply Chain Attack Targets Extension Developer FishPig
Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly find on compromised sites involves spammy links hidden inside a Continue reading Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
When a website is hacked symptoms can sometimes include unexpected, unfamiliar and strangely located favicon or .ico files. Other symptoms might include: ”This site may be hacked” warnings ShareTweetSharePostSharePin It!
Every once in a while, we get a glimpse into the strange behavior that happens after a site is compromised. Hacked websites are known to result in a plethora of headaches for webmasters, including malicious redirects, broken links, and unwanted Continue reading Post-Hack Instructions: SEO Spam & 404 Errors in Search Console
Since 2020 considerable attention has been spent analysing the emergence of MageCart malware within WordPress environments which most commonly affects sites using WooCommerce. As demonstrated in a previous post WordPress has quickly become the most commonly affected CMS platform for Continue reading Examining Less-Common WordPress Credit Card Skimmers
It’s not uncommon for users to experience “DDoS Protection” pages when casually browsing the web. These DDoS protection pages are typically associated with browser checks performed by WAF/CDN services which verify if the site visitor is, in fact, a human Continue reading Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads
Earlier this June, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned by our remediation team in the last few years. This NDSW/NDSX malware — also referred Continue reading SocGholish: 5+ Years of Massive Website Infections