Sucuri Labs

One way of hidding an iframe

There are multiple ways to inject an iframe on a web site, and every day we found a new evasion technique to make it harder to detect it. This is a new one found by Fio:

It uses many encondings to just load this iframe:

Which redirects the user visitng a compromised site to a porn page.

Daniel Cid

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Related Tags

Labs Note

WordPress Admin Login Stealer

Krasimir Konov
April 27, 2020

During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file…

Read the Post

COVID-19 Chloroquine Pharmaspam

Luke Leal
August 20, 2020

A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by…

Read the Post

SiteCheck Mid-Year Report Hacked Websites

SiteCheck Remote Website Scanner — Mid-Year 2023 Report

Denis Sinegubko
August 8, 2023

Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide…

Read the Post

Cookie consent script used to distribute malware

Krasimir Konov
May 29, 2018

Since the new website cookie usage regulations in the EU have come into place, many websites have added a warning on their website about how…

Read the Post

Evaluating Cookies to Hide Backdoors

Luke Leal
January 7, 2021

Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often…

Read the Post

Size for Opera: Hiding Spammy Links

Denis Sinegubko
November 5, 2019

There are many different tricks hackers use to make injected spam links invisible to regular visitors. Below is an example employed by one link spam…

Read the Post

Magento 2 PHP Skimmer Saves To Image File

Magento Credit Card Stealing Malware: gstaticapi

Krasimir Konov
September 25, 2020

Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.…

Read the Post

Sucuri Labs

New version of Magento Credit Card stealer in the wild

Cesar Anjos
November 3, 2016

Hacking into Magento sites and injecting code to steal payment information is very profitable and it’s the biggest trend we are seeing in 2016. It is interesting enough to notice that the same group is being responsible for several attacks.

Read the Post

Naive CoinHive Injections

Denis Sinegubko
December 20, 2017

Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to…

Read the Post

Fake WordPress Plugin SiteSpeed Hosts Malicious Ads & Backdoors

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Krasimir Konov
July 16, 2020

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a…

Read the Post

Related Tags

Related Categories

You May Also Like