What is Cryptocurrency Mining Malware?

Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency? Cryptocurrency is best thought of as digital ...
W97M/Downloader Malware Dropper Served from Compromised Websites

W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a year, which serves as a doorway to ...
From .tk Redirects to PushKa Browser Notification Scam

In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago) found in ...
More on Dnsden[.]biz Swipers and Radix Obfuscation

After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites ...
Cookie Consent Script Used to Distribute Malware

Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU General Data ...
How to Remove Malware & Clean a Magento Site

Magento Credit Card Stealer Reinfector

In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have ...
Massive localstorage[.]tk Drupal Infection

After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: Massive #Drupal infection that redirects to "Tech Support" ...
A Puzzling Backdoor Upload

After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These malicious pieces of code are a valuable tool for attackers and ...
From Baidu to Google’s Open Redirects

Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon after the ...
Obfuscation Through Legitimate Appearances

Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no such core ...