Tag Archives: Website Security

From Privacy to Exfiltration: Telegram’s Role in Website Malware

Telegram, a name synonymous with secure messaging, has paradoxically become a tool for cybercriminals who abuse the strengths of the platform to target unsuspecting websites. This popular messaging platform, once known for its commitment to user privacy and security, is now being used in ways its creators never intended: a conduit for controlling malware-infected websites. […]

How to Fix the NET::ERR_CERT_DATE_INVALID Error

Encountering the NET::ERR_CERT_DATE_INVALID error can be frustrating, but it’s important to address it promptly to ensure your website remains secure and trustworthy. This error typically indicates an issue with your website’s SSL/TLS certificate, which is essential for encrypting data and ensuring a secure connection between your website and its visitors. When this error occurs, users […]

What is a Zero-Day Vulnerability?

Navigating the world of website security can feel like stepping into a minefield, especially when you have to navigate threats like zero-day vulnerabilities. Zero-days are security flaws that, worryingly, remain hidden from everyone involved — from dev teams and users, to even the most conscientious vulnerability researchers. In this post, we’ll take a look at […]

What is Cookie Hijacking

Cookie hijacking involves unauthorized access to cookies, which are small pieces of data stored on your browser by websites you visit. Cookies often contain sensitive information, including session tokens that authenticate users to a web application. By hijacking these cookies, attackers can impersonate users and gain unauthorized access to private accounts and sensitive data. Given […]

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs. We’ve been tracking this campaign ever since — […]

Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker

In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code — for example, the miscellaneous scripts area of the Magento admin panel, or WordPress plugins such as Custom CSS & JS. Custom script editors are popular with bad actors because they […]

Web Shells: Types, Mitigation & Removal

Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to gain entry. Once deployed, web shells allow attackers to manipulate the server, leading to data […]

From Web3 Drainer to Distributed WordPress Brute Force Attack

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]

New Wave of SocGholish Infections Impersonates WordPress Plugins

SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a […]