PinnacleCart Server-Side Skimmers and Backdoors

PinnacleCart Server-Side Skimmers and Backdoors

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases. This time, our analysts Kara Federow and Keith Petkus found malware on a website powered by PinnacleCart, a webstore solution used ... Read More
Web Skimmer with a Domain Name Generator

Web Skimmer with a Domain Name Generator

Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogletagmanager[.]online/get.php. This approach is pretty typical for skimmers. However, we noticed one interesting ... Read More
WordPress Database Brute Force and Backdoors

WordPress Database Brute Force and Backdoors

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its ... Read More
Fake AmeriCommerce Shopping Cart

Fake AmeriCommerce Shopping Cart

Our malware analyst Liam Smith recently found malware on a client’s site that targets ecommerce sites powered by AmeriCommerce software. A popular ecommerce software solution that allows users to run multiple carts with a single admin user, AmeriCommerce product pages typically include an HTML form with the information about the ... Read More
5 Year Anniversary of the SoakSoak Malware Tsunami

5 Year Anniversary of the SoakSoak Malware Tsunami

This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content management systems are 100% free: WordPress, Magento, Joomla, Drupal, etc. Moreover, most CMS extensions are also free. In fact, modern ... Read More
Unmasking Black Hat SEO for Dating Scams

Unmasking Black Hat SEO for Dating Scams

Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it. Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection ... Read More
Vulnerable Versions of Adminer as a Universal Infection Vector

Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, ... Read More
Skimmers for Both Magento and WordPress

Skimmers for Both Magento and WordPress

We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn ... Read More
Pharma Spam Redirects to .su & .eu Sites

Pharma Spam Redirects to .su & .eu Sites

We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from various .su and .eu top level domains. Spammy Redirect File Names & Contents These SEO infections usually ... Read More
Data URLs and HTML Entities in New WordPress Malware

Data URLs and HTML Entities in New WordPress Malware

Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first type looks pretty similar to what we discussed in our recent post. However, instead of placing the code between the … tags, these injections have ... Read More
Loading...