Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want. \ During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redirect users to the…
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code. During a recent investigation, we came across an interesting backdoor that was leveraging encoding along with common PHP functions…
Our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. These vulnerabilities could have allowed an attacker to modify arbitrary files, including PHP files. The US government Cybersecurity and…
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information. To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” —…
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image…
On August 14, our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. This flaw gave authenticated attackers, with subscriber-level or above capabilities, the ability to modify arbitrary files,…
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others. For instance, employees at telecom companies will often have some level of elevated access…
Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services.…