We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into almost every .js file it can find. Previous versions of this malware injected only jquery.js files, but now we remove this code from hundreds of infected files. Due to a More Info »
Tag Archives: javascript
Spotting a Hidden SEO Hack: “Play One”
SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building links is stolen by an attacker in an instant. For many years, spam injections placed inside legitimate pages have remained one of the most prevalent More Info »
Malicious Subdirectories Strike Again
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products. This time, attackers used a similar technique More Info »
Stored XSS in WordPress Core
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported two to the WordPress team. As it turns out, it was possible to leverage the content injection issue to achieve a stored cross-site scripting attack. This issue More Info »
JavaScript Injections Leads to Tech Support Scam
During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular AddThis social sharing plugin, using it in URL naming conventions and an image file. The malware ultimately redirects website visitors to node.additionsnp[.]top which hosts a tech support scam that can be dangerous to More Info »
Injection of Unwanted Google AdSense Ads
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It’s not More Info »
Session Stealer Script Used In OpenCart
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are always risks that arise when More Info »
Malicious Redirect Injected in Magento One Page Checkout
With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have been targeting Magento installations in order to steal sensitive information like credit card data or PayPal logins, but in this case, promote websites for their monetary gain. Being PCI compliant is becoming increasingly More Info »
A Plugin’s Expired Domain Poses a Security Threat to Websites
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clients and our readers. Applying updates quickly will make sure that you replace any vulnerable code as soon as the security patch is released. However, this isn’t the only reason to keep… More Info »
Phishing Attacks Target Ecommerce Checkout Pages
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where attackers targeted checkout pages and payment modules via malicious “patches” designed to steal payment details. These thefts can’t be easily detected by customers (no visible signs) nor the site owners… More Info »
