At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed in the standard WordPress plugin interface, making […]
Tag Archives: Malware
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
Today’s blog post will be a follow up to a previous article we posted a few weeks ago: We continue to see new variants of this malware campaign emerge. WordPress websites continue to be used as staging grounds to trick website visitors into running malicious powershell commands on their Windows computers in order to infect […]
Credit Card Skimmer and Backdoor on WordPress E-commerce Site
The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files and unexpected behavior on their WordPress site. Upon deeper analysis, we discovered a complicated infection involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a malicious […]
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign
During a recent website security investigation, we uncovered a malicious JavaScript injection affecting a WordPress website. The infection was responsible for redirecting visitors to unwanted third-party domains, ultimately harming the site’s reputation and potentially exposing users to further malicious activity. What was discovered? A customer reached out to us, reporting that their website was unexpectedly […]
Fake WordPress Plugin Impacts SEO by Injecting Casino Spam
Injecting malware via a fake WordPress plugin has been a common tactic of attackers for some time. This clever method is often used to bypass detection as attackers exploit the fact that plugins are not part of the core files of a WordPress site, making integrity checks more difficult. Attackers often hide the malicious plugin […]
WordPress ClickFix Malware Causes Google Warnings and Infected Computers
Since December of last year there has been a new fake Google reCAPTCHA campaign making its way through the WordPress world. Very similar to malware which we wrote about last Summer, the website malware injection attempts to trick unsuspecting victims into executing malicious Powershell commands within Windows OS environments with the end goal of infecting […]
When Spam Hides In Plain Sight
We recently worked on an interesting case where Casino spam was visible in the page source, but couldn’t be located in any of the usual database rows or site files. Sitecheck flagged this as well. Casino and gambling spam is one of the most common types of spam attackers use. They are hoping that victims […]
Hidden Backdoors Uncovered in WordPress Malware Investigation
At Sucuri, we often encounter cases where malware is deeply embedded in websites, hidden in files and scripts that can easily escape detection. In this article, we’ll walk you through a real-life incident where a customer contacted us about unusual behavior on their WordPress website. After a detailed investigation, we uncovered multiple backdoors allowing attackers […]
Malware Redirects WordPress Traffic to Harmful Sites
Recently, a customer approached us after noticing their website was redirecting visitors to a suspicious URL. They suspected their site had been compromised and sought assistance in identifying and resolving the issue. This prompted a deeper investigation into the infection and its behavior. What did we see? The website’s redirects were leading to hxxps://cdn1[.]massearchtraffic[.]top/sockets. Continue […]
Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection
Recently, we released an article where a credit card skimmer was targeting checkout pages on a Magento site. Now we’ve come across sophisticated credit card skimmer malware while investigating a compromised WordPress website. This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware […]
