Website Security Analysis: A “Simple” Piece of Malware
For regular readers of this blog, there is one constant that pops up over and over: Malware gets more complex. When malware researchers, like myself, unlock new obfuscated code, it’s a signal to the...
Website Malware: Mobile Redirect to BaDoink Porn App Evolving
Recently, we wrote about a malware redirect causing compromised sites to redirect their visitors to pornographic content (specifically, the BaDoink app). You can read more about what we found by going...
Popular Brazilian Site “Porta dos Fundos” Hacked
A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results:...
ASP Backdoors? Sure! It’s not just about PHP
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make...
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iframe is used to drop a binary browser exploit with .SWF files,...
Ask Sucuri: How Modern Web Phishing Works
Most of us have experienced some kind of phishing attempt in our online lives, and we have seen phishing grow in complexity. Usually, we notice that the login pages are crafted to convince users they...
Fake Plugins, Fake Security
Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository. WordPress users are becoming increasingly more aware of...
Obfuscation Through Legitimate Appearances
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no such core WP file like it...
Persistent Malicious Redirect Variants
It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if your “old friend” was on the criminal side of things...
Outdated Duplicator Plugin RCE Abused
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting their wp-config.php files. These cases are all linked to the same vulnerable...
Fake Volkswagen Campaign Spreads Through Social Networks
We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of the year, and...
The Anatomy of Website Malware: An Introduction
We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an...
The Anatomy of Website Malware Part 2: Credit Card Stealers
One of the biggest malicious trends in the last few months and years is credit card stealers — also commonly referred to as credit card skimmers or cc stealers. In the second part of this Website...
Targeting mobile devices the easy way
With the outburst of mobile-only malware, we’re seeing a lot of campaigns targeting mobile devices in recent years. There are a lot of ways to make sure that the malware / redirect will be activated...