During the last couple of years, website ransomware has become one of the most actively developing types of malware. After infamous fake anti-viruses, this it the second most prominent wave of malware that makes money by directly selling “malware removal” services to users of infected computers. But unlike fake anti-viruses, that were mostly harmless, and used as aRead […]
Tag Archives: Website Infection[s]
Website Malware – Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the random parts changed on every page load. Back then, we identified that it was not a server-level infection. TheRead […]
Return of the EXIF PHP Joomla Backdoor
Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren’t new but may be reoccuring. Such as today’s post, in which we explore a case we shared close to two years ago whereRead […]
WordPress Malware – VisitorTracker Campaign Update
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details about this issue on this blog post: WordPress Malware – Active VisitorTracker Campaign, but as the campaign and the malicious code has evolved, we decided provideRead […]
WordPress Malware – Active VisitorTracker Campaign
We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of sites. We initially shared our thoughts on it via our SucuriLabs Notes, but as theRead […]
Ask Sucuri: How did my WordPress Website get Hacked? – A Tutorial
With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today’s websites are hosting in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead on their own infrastructure/systems. While there are so manyRead […]
SweetCAPTCHA Service used to Distribute Adware
SweetCaptcha is free CAPTCHA service that offers to match sweet-looking images instead of making you recognize distorted digits and characters. It has integration with many website platforms: pure PHP, WordPress (10,000+ plugin installs), Drupal, Joomla, ModX, .NET, JavaScript, and even offers an API that can be used on other platforms. So far so good. MaliciousRead […]
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the details explaining how attackers could use this vulnerability to inject malicious iframes on websites using this plugin. Technical details This vulnerability exploited a somewhat well-known attack vector amongst WordPress plugins: unprotected […]
Websites Compromised with CloudFrond Injection
If you haven’t already noticed, we spent a good deal of time scraping the bottom of the interweb barrel, it’s dirty work, but someone has to do it. I’m not going to lie though, to us it’s fascinating digging up little nuggets daily, understanding how attackers think and uncovering the latest trends. Besides, it gives […]
New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider
If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. Unlike SoakSoak, it’s comprised of 3 distinct malframes – creating one new campaign. We’re tracking each closely: 1- wpcache-blogger: This campaign is using the domain wpcache-blogger.com as […]