Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment […]
Tag Archives: malware cleanup
The Hidden PHP Malware that Reinfects Cleaned Files
Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services. Some of the more common causes of reinfections are issues like cross- site contamination or […]
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable to this exploit. The Sucuri firewall blocks malicious payloads by default using our generic exploitation rules. Technical Details The vulnerability originated from the remains of […]
PinnacleCart Server-Side Skimmers and Backdoors
While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases. This time, our analysts Kara Federow and Keith Petkus found malware on a website powered by PinnacleCart, a webstore solution used by a large number of […]
Hacked Website Threat Report – 2019
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works diligently around the clock to identify, analyze, and protect website owners from compromise. Education is key to protecting yourself […]
Zen Cart “PayPal” Skimmer
While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information stealing malware. Our security analyst Christopher Morrow recently found an injection on a lesser known open source ecommerce platform named Zen Cart, which itself is a fork from the older […]
Vulnerable Versions of Adminer as a Universal Infection Vector
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected […]
Down the Malware Rabbit Hole – Part 1
It’s common for malware to be encoded to hide itself—or its true intentions—but have you ever given thought to what lengths attackers will go to hide their malicious code? In our first post in this series, we’ll describe how bad actors hide their malicious code and the steps taken to reveal its true form. Malware […]
Reset Email Account Passwords after Website Infection: Follow Up
In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information security threat landscape is always changing. Likewise, the tools used by bad actors are also evolving to evade detection by IDS/IPS and other similar services. cPanel Hosting Environment File Analysis […]
How to Prevent Cross-Site Contamination for Beginners
What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in daycare catching the flu, next thing you know, everybody in the family has it as well. The same happens with websites. A site can be negatively affected by neighboring sites […]