Browser Extension Bug Leads to Post Injection

A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to users has grown, along with the risk of similar behavior occurring. We recently came across a similar case where several completely different websites ...

Magento Credit Card Stealer Reinfector

In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinfector of Magento websites in one of our recent Labs Notes. In ...

Shell Logins as a Magento Reinfection Vector

Recently, we have come across a number of websites that were facing reinfection by credit card information stealer malware within the following files: app/Mage.php, lib/Varien/Autoload.php, index.php, and app/code/core/Mage/Core/functions.php. These are common files for attackers to target as they operate throughout Magento sites, but these instances were special as they had ...

Malicious Activities with Google Tag Manager

If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”. But when malicious behavior ensues, everything should be double-checked and suspected, even assets that come from “trusted sources” like Google, Facebook, ...