Tag Archives: Website Backdoor

Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected More Info »

Throwback Threat Thursday: JCE Vulnerability

Despite WordPress’ market share completely overshadowing other CMS’, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS. In fact, even with a decreasing market share in the overall CMS landscape, there are still well over a million live websites using Joomla to manage their digital content. More Info »

Fake UpdraftPlus Plugins

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins Sourced from UpdraftPlus Attackers have been using different names for these fake plugins, including initiatorseo or updrat123—but any title can be used. While their code More Info »

Cryptominers & Backdoors Found in Fake Plugins

When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in the number of malicious plugins which have been added to compromised websites as well. These plugins appear to be legitimate, but inspecting the code reveals More Info »

Neapolitan Backdoor Injection

Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which your roommate eats all of the chocolate, leaving you with the paltry remains of the notably less popular vanilla and strawberry flavours. While cleaning a More Info »

Reset Email Account Passwords after Website Infection: Follow Up

In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information security threat landscape is always changing. Likewise, the tools used by bad actors are also evolving to evade detection by IDS/IPS and other similar services. cPanel Hosting Environment File Analysis More Info »

The Strange Case of the Malicious Favicon

During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index files peppered around the website. In the majority of the cases, the pattern is similar regardless of the More Info »

Return to the City of Cron – Malware Infections on Joomla and WordPress

We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites This More Info »