Readers of this blog will know that attackers are constantly finding new ways to hide their malware and avoid detection; after all, that’s what good malware does best! We have recently observed attackers leveraging both excessive amounts of unicode as well as peculiar includes and file extensions within their WordPress backdoors to conceal their malware […]
Tag Archives: Malware
Demystifying Website Hacktools: Types, Threats, and Detection
When we think about website malware, visible infection symptoms most often come to mind: unwanted ads or pop-ups, redirects to third party sites, or spam keywords in search results. However, in some cases these very symptoms are the results of hacktools, a diverse and often insidious category of software designed to exploit vulnerabilities and compromise […]
What is a 403 Error & How to Fix It
A 403 error can be a frustrating interruption to anyone’s day; it can lead to exasperated website visitors, even leading to lost traffic and website revenue depending on the affected page. When you (or your site visitors) encounter an unexpected 403, it’s vital to assess the issue promptly in the event that it’s the symptom […]
Vulnerability in Essential Addons for Elementor Leads to Mass Infection
On May 11th, 2023, the very popular WordPress plugin Essential Addons for Elementor released a patch for a critical privilege escalation vulnerability, initially discovered by PatchStack. The technical details of this vulnerability can be found on their recent blog post. Over one million websites use this plugin and the fallout from this has been absolutely […]
Xjquery Wave of WordPress SocGholish Injections
In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish scripts into compromised WordPress sites. A bit later, we documented minor changes in the way this malware worked. By the end of March, 2023, we started noticing a new wave […]
What is Steganography? (Or, How Hackers Hide Malware On Websites)
As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to jot down my secret message. When combined with a simple heat source (I used the heat of the wood stove), the contents of my top secret note were revealed in […]
Massive Abuse of an Abandoned Eval PHP WordPress Plugin
Attackers are always finding new and creative ways to compromise websites and maintain their foothold in environments. This is frequently done via the use of backdoors: PHP scripts designed to allow attackers access and control even after you’ve changed your passwords and thought that the worst was over. Since external scans are unable to see […]
Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection campaign that leverages all known and recently discovered theme and plugin vulnerabilities. Other organizations and […]
Hacked Website Threat Report – 2022
Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This year, we’ve included new insights to highlight the most prevalent tactics and techniques observed in […]
WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin
Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Overall they are both robust and secure payment platforms that are perfectly safe to use. […]
