Tag Archives: javascript

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g., redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave. Mass Infection of WordPress Websites The latest Easy More Info »

Google Analytics and Angular in Magento Credit Card Stealing Scripts

Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from More Info »

A Scam-Free Cyber Monday for Online Businesses

Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers are in the background working nonstop to create malicious, fraudulent websites as well as take advantage of legitimate ones. Main Cyber Monday Threats Phishing Pages One More Info »

Obfuscated JavaScript Cryptominer

During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitors’ computers when they accessed our customer’s website. We have previously discussed how cryptomining can happen in many covert ways. In this post, we will show you how a malicious code More Info »

Unsuccessfully Defaced Websites

Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection included in the source code. What is a Defacement? Website defacement is a hack that often involves adding malicious images to the website homepage and More Info »

An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners

As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade detection and make mining easier at the expense of system administrators, website owners, and their visitors. Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining The latest of these new techniques More Info »

Massive localstorage[.]tk Drupal Infection

After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: Massive #Drupal infection that redirects to “Tech Support” scam via “js.localstorage[.]tk” https://t.co/30ZeLIyfza pic.twitter.com/ZCPMepM74k — Denis (@unmaskparasites) April 24, 2018 … with over a thousand compromised sites that redirect visitors to “Tech More Info »