Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image directory on a compromised website, allowing an attacker to execute other malicious commands. The attacker […]
Tag Archives: Website Security
Phishing Page Targets AT&T’s Employee Multi-Factor Authentication
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others. For instance, employees at telecom companies will often have some level of elevated access that is unavailable to a non-employee. In fact, this access can be so valuable that […]
The Hidden PHP Malware that Reinfects Cleaned Files
Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services. Some of the more common causes of reinfections are issues like cross- site contamination or […]
phpbash – A Terminal Emulator Web Shell
It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use — and certainly more visually appealing than just raw text. One example of web malware that uses GUIs are PHP webshells like r57. […]
Missing DMARC Records Lead to Phishing
Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There still are security flaws that bad actors regularly exploit to their advantage. Recently, researchers have discovered a business-email compromise scam in Russia. Known as Cosmic Lync, the cybercriminal […]
WordPress Malware Disables Security Plugins to Avoid Detection
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it? I’ve previously written about malware that reverses security hardening measures enacted either manually by the owner, or through the use of a security plugin […]
Reflected XSS in WordPress Plugin Admin Pages
The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the actions a vulnerability could cause. While this is usually true, there are a number of […]
Using assert() to Execute Malware in PHP 7 Environments
Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why attackers are creating malware to target environments which leverage it. During a recent investigation, our team stumbled across […]
Magento Multiversion (1.x/2.x) Backdoor
The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also aware that many websites are straggling with their Magento migrations and post compromise tools have been created to support deployment for both Magento 1.x and […]
COVID-19 Chloroquine Pharmaspam
A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hidden_content?100.2, shows why the pharmacy spam text was not displayed on the infected web page: This spammer is trying to obfuscate their link injection by assigning a […]
