A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss with the website it was difficult to reproduce the issue. However, by inspecting our server side scanner logs we were able to locate the source of the unwanted behavior — […]
Archive by Author
What is .htaccess Malware? (Detection, Symptoms & Prevention)
The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with black hat SEO tactics, or inject content — the range of possibilities for misuse is vast, making it a prime target for hackers. .htaccess malware can be hard to pinpoint […]
Sucuri WordPress Plugin Updates for 2024
At Sucuri, we believe in making the internet safe for everyone. One way we show this is through our free WordPress security plugin. The Sucuri WordPress plugin is available for download in the WordPress repository. It comes with a range of security features, including WordPress hardening, malware scanning, core integrity check, post-hack features and email […]
New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
<img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2023/01/BlogPost_Feature-Image_1490x700_Is-WordPress-Secure–560×263.png" alt="New Malware Campaign Found Exploiting Stored XSS in Popup Builder In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve started […]
From Web3 Drainer to Distributed WordPress Brute Force Attack
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]
New Wave of SocGholish Infections Impersonates WordPress Plugins
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a […]
WordPress Vulnerability & Patch Roundup February 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Web3 Crypto Malware: Angel Drainer – From Phishing Sites to Malicious Injections
Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware, spread across multiple campaigns, uses crypto drainers to steal and redistribute assets from compromised wallets. The strategy involves either injecting drainers directly into compromised websites or redirecting site visitors to […]
Remote Access Trojan (RAT): Types, Mitigation & Removal
Remote Access Trojans (RATs) are a serious threat capable of giving attackers control over infected systems. This malware stealthily enters systems (often disguised as legitimate software or by exploiting a vulnerability in the system) and opens backdoors for attackers to perform a wide range of malicious activities on the victim’s computer. This blog post is […]
What is DDoSing
Nowadays, the term DDoS — or Distributed Denial of Service — raises the heart rate of most webmasters. Though many don’t know exactly what DDoSing is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, dysfunctional, or entirely shut down website. In this article, we’ll define DDoSing, discuss the most common […]
