
A client reported some weird spam URLs injected on their WordPress website, and after an investigation it turned out that the hacker was hiding the encoded spam injector malware in the following theme file:

./wp-content/themes/toolbox/functions.php

The hacker formatted the encoded injector to look like a theme's license key, to keep anyone reviewing the file from suspecting this code and finding the malware:

Read More ...

We continue to see an increase in the number of these PHP injections that use multiple obfuscation methods to evade detection, but lately one method has been increasingly utilized:

Read More ...

We've been cleaning many sites infected by the so-called site_url hack, the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their static resource links point to some third-party site. However, this is not the only issue.

Read More ...

There is a long-lasting malware campaign (dating back to at least 2016) that injects fake jQuery scripts:

<script type="text/javascript" src="hxxps://www.XX[X]wp[.]org/jquery.js"></script>

Where XX[X] are 2 or 3 random characters.

This Twitter thread mentions some of them:

Read More ...

This September, we’ve been seeing a massive infection wave that injects malicious JavaScript code into .js, .php files and the WordPress database.

The script looks like this:

Read More ...

Seeing malicious campaigns using domain names that resemble big market players is not news anymore. This time I'll talk about the new redirects of cloudflare.pw.

Read More ...

During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, Crypto Miners were run on customers visiting the website.

Read More ...

I recently came across an interesting index.php file and its corresponding directory on a compromised website. I loaded it in a testing environment and immediately it was apparent that this malicious PHP file was different than your average spam tool:

Read More ...

All across the internet we find guides and tutorials on how to keep your WordPress site secure, and they all approach the concept of user roles, but not many actually approach the capabilities of those roles.

Read More ...