Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly find on compromised sites involves spammy links hidden inside a…
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment. To support these activities, attackers seek out…
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the Magento files: ./app/code/core/Mage/Payment/Model/Method/Cc.php … if ($_SERVER[“REQUEST_METHOD”] === “GET”){ if (strpos($_SERVER[“REQUEST_URI”],…
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that can make it challenging to detect. For example,…
Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading a mapping software to monitor the spread of the COVID-19 pandemic. While the attack is likely spread…
A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this very specific part stood out to me: $config = wp_dbase_config_init(‘_as_sert’);…
Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as…
Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally normal, but it’s important to remember that attackers regularly monitor…