R_Evil WordPress Hacktool & Malicious JavaScript Injections

R_Evil WordPress Hacktool & Malicious JavaScript Injections

We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect. However, sometimes entirely ...
SiteCheck Malware Report: September Summary

SiteCheck Malware Report: September Summary

Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides immediate results, ...

Backdoor Shell Dropper Deploys CMS-Specific Malware

A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want. Another common ...
GFX Xsender Hack Tool: A Spam Mailer

GFX Xsender Hack Tool: A Spam Mailer

PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of ...
Backdoor Obfuscation: tempnam & URL Encoding

Backdoor Obfuscation: tempnam & URL Encoding

In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting backdoor that ...

Malicious One-Liner Using Hastebin

Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script ...
The Hidden PHP Malware that Reinfects Cleaned Files

The Hidden PHP Malware that Reinfects Cleaned Files

Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which ...
phpbash – A Terminal Emulator Web Shell

phpbash – A Terminal Emulator Web Shell

It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use ...
WordPress Malware Disables Security Plugins to Avoid Detection

WordPress Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it? I’ve ...

Using assert() to Execute Malware in PHP 7 Environments

Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language ...