Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to third-party sites. Some of the attempts to get rid of the coinhive.com domain look pretty naive. For example, injecting the whole library code into web pages.

Read More ...

We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table.

Read More ...

Every now and then I check my spam mail box for interesting malware (yes, I receive a lot of phishing messages and alerts that my payments are overdue), but most of the time is more of the same, effortless malware, lousy written messages and not fun to analyze.

Read More ...

Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links.

Our readers noticed that the “nulled” premium theme sites promoted by the injected links (and some other similar sites) had this very wp-vcd malware pre-installed with every downloaded theme.

It’s pretty easy to notice when you check the files inside the downloaded .zip files. All original files have one date, but two files have a different, more recent date:

Read More ...

Over the last months, we’ve been talking a lot about new ways to decode complex malwares that involve the usual PHP functions like eval, create_function, preg_replace, assert, base64_decode, etc.

Read More ...

We recently came across a file that shows an interesting case with a Javascript malicious code injection in a website’s custom script file, though it’s not specific to any particular website software:

Read More ...

This is a quick posts about yet another quite massive attack that installs CoinHive JavaScript Monero miners on compromised websites. You might have already read our blog posts on how such attacks were first detected and how they escalated after that.

On Oct 30th, 2017 Microsoft Malware Protection Services tweeted about a new cryptocurrency miner on compromised sites.

Read More ...

Recently we saw a new wave of a known malware that injects malicious WordPress admin users to vulnerable or compromised sites.

Read More ...

Recently, during a website investigation, we detected that attackers have been modifying the database structure of WP Maintenance plugin (which is a very popular wordpress plugin which adds a "down for maintenance" or coming soon page for your website) and inserting malicious code into wpmm_settings option to lead users to the harmful content.

Read More ...