Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware deeply embedded within their site’s core files. This wasn’t just a simple redirect; it was a complex operation designed for search engine poisoning and unauthorized content injection. What Did We […]
Tag Archives: Malware
Attackers Inject Code into WordPress Theme to Redirect Visitors
In a recent article we discussed some of the reasons sites are frequently attacked. That article covered browser redirects, and we’ll explore an example of such a case here. Website themes are a common attack vector for many reasons. The theme is guaranteed to load on every page, that is the core design of any […]
The Case of Hidden Spam Pages
Spammy posts and pages being placed on WordPress websites is one of the most common infections that we come across. The reason being is that the attack is very low-level in terms of sophistication: All that is required of the attacker is to brute force their way into the wp-admin panel; from there they just […]
Malicious WordPress Plugin Creates Hidden Admin User Backdoor
I recently wrote about a case where a malicious plugin was used to steal admin credentials. Here we will examine yet another malicious plugin that creates a malicious admin user right in the website. Examining the malware While examining the site, we noticed a plugin located at wp-content/plugins labeled php-ini.php. This is strange since directories […]
Analysis of a Malicious WordPress Plugin: The Covert Redirector
A few weeks ago, we received a support request from a website owner who was experiencing unexpected redirects. Visitors landed on the website normally, but after about 4–5 seconds, the site redirected them to unrelated and suspicious websites. During the investigation, we discovered a malicious plugin that was responsible for this behavior, continuing the trend […]
What Motivates Website Malware Attacks?
The depiction in the media of hackers tends to be that of balaclava-wearing villains who type furiously in a dark basement, motivated by nothing but evil intentions. However, while this may be true in some instances, by and large the determining factors that result in malware attacks are largely motivated not by ideology or malice […]
Fake Java Update Popup Found in Malicious WordPress Plugin
We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is a common tactic used by attackers to compromise website visitors. Our investigation revealed a malicious plugin operating stealthily within their WordPress environment. What Did We Find? A plugin installed in […]
Fake Google Meet Page Tricks Users into Running PowerShell Malware
Last month, a customer reached out to us after noticing suspicious URLs on their WordPress site. Visitors reported being prompted to perform unusual actions. We began our investigation, scanning the site for common malware indicators and looking for signs of obfuscated JavaScript or injected iframes. What we found, however, was more subtle and potentially more […]
Another Fake Cloudflare Verification Targets WordPress Sites
A new Cloudflare infection has once again been targeting WordPress sites. This new iteration of malware mimics a legitimate-looking Cloudflare verification page, which then tricks victims into following various commands and downloading malware. This style of malware is not new – our researcher Ben Martin wrote about a similar campaign targeting WordPress sites back in […]
Fake GIF Leveraged in Multi-Stage Reverse-Proxy Card Skimming Attack
In today’s post we’re going to review a sophisticated, multi-stage carding attack on a Magento eCommerce website. This malware leveraged a fake gif image file, local browser sessionStorage data, and tampered with the website traffic using a malicious reverse-proxy server to facilitate the theft of credit card data, login details, cookies, and other sensitive data […]
