Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user into the infected database whenever the trigger condition is met.…
Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t appear to contain anything except for some benign CSS rules. A more thorough analysis of…
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that can make it challenging to detect. For example,…
In an effort to maintain unauthorized access or profit off a website’s environment long after an initial compromise, attackers commonly leverage a variety of different techniques and tactics. These techniques range from adding backdoors, stealing sensitive data, redirecting the site…
A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting. Among 246 other lines, this very specific part stood out to me: $config = wp_dbase_config_init(‘_as_sert’);…
Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as…
In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized access as if they had exploited a vulnerability or compromised login details for the website.…
We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for example, a short description of a feature or functionality for other developers to reference. Oftentimes,…