Website malware comes in all shapes and sizes, each with its own unique methods of attack and evasion. One threat making regular headlines is SocGholish, a sophisticated and persistent malware that has been targeting websites for over 7 years. Understanding how SocGholish operates and learning how to protect against it is essential if you want […]
Tag Archives: Malware
2023 Hacked Website & Malware Threat Report
Education is essential for defending your website against emerging threats. That’s why we are thrilled to share our 2023 Hacked Website & Malware Threat Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This year, we’ve included new insights to highlight the most prevalent tactics and techniques […]
Hundreds of Websites Targeted by Fake Google Chrome Update Pop-Ups
Fake Browser Update campaigns are known for their deceptive tactics used by hackers to trick users into downloading malicious software. These campaigns typically involve injecting malicious code into a website, which then displays a popup message urging users to update their web browser. Clicking on the provided link usually results in downloading malware, such as […]
From Privacy to Exfiltration: Telegram’s Role in Website Malware
Telegram, a name synonymous with secure messaging, has paradoxically become a tool for cybercriminals who abuse the strengths of the platform to target unsuspecting websites. This popular messaging platform, once known for its commitment to user privacy and security, is now being used in ways its creators never intended: a conduit for controlling malware-infected websites. […]
Server Side Credit Card Skimmer Lodged in Obscure Plugin
Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from […]
Mal.Metrica Redirects Users to Scam Sites
One of our analysts recently identified a new Mal.Metrica redirect scam on compromised websites, but one that requires a little bit of effort on the part of the victim. It’s another lesson for web users to be careful what they click on, and to be wary of anything suspicious that pops up in their browser […]
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs. We’ve been tracking this campaign ever since — […]
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code — for example, the miscellaneous scripts area of the Magento admin panel, or WordPress plugins such as Custom CSS & JS. Custom script editors are popular with bad actors because they […]
Web Shells: Types, Mitigation & Removal
Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to gain entry. Once deployed, web shells allow attackers to manipulate the server, leading to data […]
Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS
We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in ecommerce as well, thanks to the adoption of WooCommerce and other plugins that can easily turn a WordPress site into a fully-featured online store. This popularity also […]