Sucuri Labs
Backdoor Shell Dropper Deploys CMS-Specific Malware
Most of the malware we find on compromised websites consists of backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want. Another common ...
GFX Xsender Hack Tool: A Spam Mailer
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of ...
Malicious Pop-up Redirects Baidu Traffic
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com ...
Backdoor Obfuscation: tempnam & URL Encoding
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting backdoor that ...
Magento Credit Card Stealing Malware: gstaticapi
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads ...
Malicious One-Liner Using Hastebin
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script ...
Phishing Page Targets AT&T’s Employee Multi-Factor Authentication
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others. For instance, employees at telecom companies ...
The Hidden PHP Malware that Reinfects Cleaned Files
Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which ...
phpbash – A Terminal Emulator Web Shell
It’s common for hackers to use post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use ...
Missing DMARC Records Lead to Phishing
Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There are still security flaws that ...
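The check behind that headline, as an added example that is not code from the Sucuri post: a domain publishes its DMARC policy as a TXT record at `_dmarc.<domain>`, and a receiver that finds no record (or a record with `p=none`) has nothing telling it to reject a spoofed message from that domain. The record strings below are constructed for illustration; the function names `parse_dmarc`, `assess_dmarc` and `effective_pct` are this example's own.

```python
"""Evaluate a domain's DMARC posture from its _dmarc TXT record.

Added example, not from the Sucuri post. The records in SAMPLES are
constructed; in practice the record is fetched as the TXT record at
_dmarc.<domain> (e.g. `dig TXT _dmarc.example.com`).
"""
from typing import Dict, Optional


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into lower-cased tag -> value pairs.

    Returns an empty dict when the record does not start with v=DMARC1,
    which is how receivers treat a malformed record: as if it were absent.
    """
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return {}
    return tags


def assess_dmarc(record: Optional[str], is_subdomain: bool = False) -> str:
    """Classify what a receiver will do with mail that fails DMARC alignment.

    Returns one of "missing", "invalid", "monitor-only", "quarantine", "reject".
    "missing" and "monitor-only" both mean a spoofed From: header is delivered;
    the difference is only whether the domain owner receives aggregate reports.
    """
    if record is None:
        return "missing"
    tags = parse_dmarc(record)
    if not tags:
        return "invalid"
    policy = tags.get("p")
    if policy is None:
        # RFC 7489: a record without a p tag but with a rua tag is treated as p=none.
        if "rua" in tags:
            policy = "none"
        else:
            return "invalid"
    # The sp tag overrides p for mail from subdomains of the organizational domain.
    if is_subdomain and "sp" in tags:
        policy = tags["sp"]
    policy = policy.lower()
    if policy == "none":
        return "monitor-only"
    if policy in ("quarantine", "reject"):
        return policy
    return "invalid"


def effective_pct(record: str) -> int:
    """Return the pct tag (share of failing mail the policy applies to), default 100.

    A pct below 100 means some spoofed messages still bypass the stated policy.
    """
    tags = parse_dmarc(record)
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return 100
    return max(0, min(100, pct))


# Constructed sample records for a handful of hypothetical domains.
SAMPLES: Dict[str, Optional[str]] = {
    "no-record.example": None,
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=reject; pct=20; rua=mailto:dmarc@partial.example",
    "strict.example": "v=DMARC1; p=quarantine; sp=reject; rua=mailto:dmarc@strict.example",
    "broken.example": "v=spf1 include:_spf.example -all",  # SPF record published at _dmarc by mistake
}


def report(samples: Dict[str, Optional[str]] = SAMPLES) -> Dict[str, str]:
    """Summarize each domain's posture; spoofable means a forged From: is delivered."""
    out: Dict[str, str] = {}
    for domain, record in samples.items():
        verdict = assess_dmarc(record)
        pct = effective_pct(record) if record else 0
        spoofable = verdict in ("missing", "invalid", "monitor-only") or pct < 100
        out[domain] = f"{verdict} (pct={pct}, spoofable={spoofable})"
    return out


if __name__ == "__main__":
    for domain, summary in report().items():
        print(f"{domain:22} {summary}")
```

For a real domain, feed the TXT value returned for `_dmarc.<domain>` into `assess_dmarc`; anything other than `quarantine` or `reject` at `pct=100` means the domain can be spoofed in the From: header exactly as the post describes.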
