The Anatomy of Website Malware Part 2: Credit Card Stealers

One of the biggest malicious trends in the last few months and years is credit card stealers — also commonly referred to as credit card skimmers or cc stealers. In the second part of this Website Malware Anatomy series, I’m going to deconstruct several skimmers and show you what ...
The Anatomy of Website Malware: An Introduction

We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website ...
Fake Volkswagen Campaign Spreads Through Social Networks

We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of the year, and directs users to participate on a site that has been apparently crafted especially for this “event”. After ...
Outdated Duplicator Plugin RCE Abused

We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting their wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code ...
Persistent Malicious Redirect Variants

It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if your “old friend” was on the criminal side of things and you are meeting him more often than you actually ...
Obfuscation Through Legitimate Appearances

Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no such core WP file like it exists: ./wp-includes/init.php Deceiving Appearances I started with a standard analysis and my first thought ...