Most phishing advice is written for the person staring at a suspicious email. This guide is for the other kind of victim: The website owner whose legitimate site has been quietly turned into the attacker’s weapon. You didn’t send the message or build the fake login page. You just woke up to a browser warning, […]
Tag Archives: malware cleanup
Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors
Overview During a recent malware cleanup investigation, we encountered a compromised Joomla website where the site owner reported a strange issue. Their website displayed a large number of suspicious product links that had nothing to do with their business. These products were not added by the website owner and did not exist in their catalog. […]
Shadow Directories: A Unique Method to Hijack WordPress Permalinks
Last month, while working on a WordPress cleanup case, a customer reached out with a strange complaint: their website looked completely normal to them and their visitors, but Google search results were showing something very different. Instead of normal titles and descriptions, Google was displaying casino and gambling-related content. We have been seeing rising cases […]
Malware Intercepts Googlebot via IP-Verified Conditional Logic
Some attackers are increasingly moving away from simple redirects in favor of more “selective” methods of payload delivery. This approach filters out regular human visitors, allowing attackers to serve malicious content to search engine crawlers while remaining invisible to the website owner. What did we find? During a malware investigation, we identified a selective content […]
WordPress Auto-Login Backdoor Disguised as JavaScript Data File
During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers into administrator accounts without requiring any credentials. In September, we published an article showcasing another WordPress backdoor that creates admin accounts. This new variant takes a different approach by hijacking […]
Unauthorized Admin User Created via Disguised WordPress Plugin
Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a fake plugin. Upon analysis revealed that it was a sophisticated backdoor plugin designed to create a persistent and hidden administrator account. What Did We Find? The infection was located inside […]
7 Steps to Remove Malware from WordPress
If you’ve ever had your website compromised by malware, you know the sheer panic it can cause. But don’t worry, you’re not alone. More importantly it’s something you can fix! In this guide, we’ll walk you through seven essential steps to remove malware from your WordPress site. From backing up your website to removing the […]
Web Shells: Types, Mitigation & Removal
Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to gain entry. Once deployed, web shells allow attackers to manipulate the server, leading to data […]
Hacked Website Threat Report – 2022
Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This year, we’ve included new insights to highlight the most prevalent tactics and techniques observed in […]
Attackers Abuse Cron Jobs to Reinfect Websites
Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a backdoor that we’ve been tracking. In today’s post we’ll be discussing what cron jobs are, […]
