Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper: hxxp://doolaekhun[.]com/cgi-bin/[redacted].php This type of infected URL is usually spread through malicious emails or through services like social […]
Tag Archives: Website Security
Magento Skimmers: From Atob to Alibaba
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://livegetpay[.]com/pay.js?v=2.2.9 and “onepage”, respectively. The campaign used a variety of different domain names and targeted all sorts […]
Autoloaded Server-Side Swiper
Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages of e-commerce sites. However, this isn’t the only way to steal payment details and sensitive user information from compromised sites. Server-side swipers are […]
Malicious Plugin Used to Encrypt WordPress Posts
During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. The plugin encrypted posts with the ‘AES-256-CBC’ method by using the openssl_encrypt […]
Neapolitan Backdoor Injection
Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which your roommate eats all of the chocolate, leaving you with the paltry remains of the notably less popular vanilla and strawberry flavours. While cleaning a […]
Reverse Hardening WordPress Config
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has, the more potential points of entry an attacker has to leverage. For example, a popular method for hardening WordPress installations is to disable the backend […]
How to Stop a DDoS Attack & Prevent Future Attacks
DDoS attacks are a growing threat for websites. But do you know how to mitigate them in their tracks? We’ll cover some essential fundamentals on stopping a DDoS attack and preventing them from happening in the future. Specifically, as a webmaster, keeping your site online during large traffic spikes is what you strive for. We […]
Fake Google Domains Used in Evasive Magento Skimmer
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII): The malicious user purposely selected the domain name […]
How to Perform a Website Security Audit ( with Checklist)
Why Should You Audit Your Website for Security? Most hacks and cyber attacks happen because of poor security practices. The first step you can take to improve your online security is knowing exactly what’s installed on your website. Having a checklist can help you stay on top of website security. Website Audit Checklist Here is […]
Reset Email Account Passwords after Website Infection: Follow Up
In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information security threat landscape is always changing. Likewise, the tools used by bad actors are also evolving to evade detection by IDS/IPS and other similar services. cPanel Hosting Environment File Analysis […]
