Vulnerable Versions of Adminer as a Universal Infection Vector

Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, ... Read More
Skimmers for Both Magento and WordPress

Skimmers for Both Magento and WordPress

We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn ... Read More
Pharma Spam Redirects to .su & .eu Sites

Pharma Spam Redirects to .su & .eu Sites

We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from various .su and .eu top level domains. Spammy Redirect File Names & Contents These SEO infections usually ... Read More
Data URLs and HTML Entities in New WordPress Malware

Data URLs and HTML Entities in New WordPress Malware

Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first type looks pretty similar to what we discussed in our recent post. However, instead of placing the code between the … tags, these injections have ... Read More
Fake UpdraftPlus Plugins

Fake UpdraftPlus Plugins

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins Sourced from UpdraftPlus Attackers have been using different names for these fake plugins, including initiatorseo or updrat123—but any title can ... Read More
A New Wave of Buggy WordPress Infections

A New Wave of Buggy WordPress Infections

We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities. Every other week, the attackers introduce new domain names and slightly change the obfuscation of their scripts to ... Read More
A New Wave of Buggy WordPress Infections

A New Wave of Buggy WordPress Infections

We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities. Every other week, the attackers introduce new domain names and slightly change the obfuscation of their scripts to ... Read More
TimThumb Attacks: The Scale of Legacy Malware Infections

TimThumb Attacks: The Scale of Legacy Malware Infections

These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its operations, the scale of infections was significantly larger — and it was quite typical to see hundreds of thousands of websites affected by the same ... Read More
Magento Skimmers: From Atob to Alibaba

Magento Skimmers: From Atob to Alibaba

Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain ... Read More
Autoloaded Server-Side Swiper

Autoloaded Server-Side Swiper

Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages of e-commerce sites. However, this isn’t the only way to steal payment details and sensitive user information from ... Read More
Loading...