Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it.

Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection.

Mysterious wp-config.php Inclusion

During the inspection of the WordPress configuration file wp-config.php, we detected the following line of code:

include_once $_SERVER[‘DOCUMENT_ROOT’].’/wp-content/plugins/wp-config-file-editor/vendor/xptrdev/WPPluginFramework/Include/Services/Queue/functions.php’;

So, should this code snippet be there or not?

Continue reading Unmasking Black Hat SEO for Dating Scams at Sucuri Blog.

Via Sucuri.net