Website Malware Infections - Tagged - Security Boulevard
Server Side Scans and File Integrity Monitoring

Server Side Scans and File Integrity Monitoring

When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of the most ...
WordPress Continues to Fall Victim to Carding Attacks

WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores. Over recent years, attackers whose ...

Server Side Data Exfiltration via Telegram API

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL ...
Magento 2 PHP Credit Card Skimmer Saves to JPG

Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection that was ...
Whitespace Steganography Conceals Web Shell in PHP Malware

Whitespace Steganography Conceals Web Shell in PHP Malware

Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t appear to contain anything except for some ...
Phishing & Malspam with Leaf PHPMailer

Phishing & Malspam with Leaf PHPMailer

It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious ...
Real-Time Phishing Kit Targets Brazilian Central Bank

Real-Time Phishing Kit Targets Brazilian Central Bank

We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed ...
Obfuscation Techniques in Ransomweb “Ransomware”

Obfuscation Techniques in Ransomweb “Ransomware”

As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major issues for ...
Evaluating Cookies to Hide Backdoors

Evaluating Cookies to Hide Backdoors

Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that ...
Bogus CSS Injection Leads to Stolen Credit Card Details

Bogus CSS Injection Leads to Stolen Credit Card Details

A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is ...