Tag Archives: Website Backdoor

Bank Phishing Incident Analysis

Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked from ever reaching our inboxes. I said most of them. Today I got one that was able to get through the bouncer: The subject (in Brazilian Portuguese and poorly crafted) translates More Info »

New XM1RPC SEO Spam and Backdoor Campaign

We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor used across all of the compromised sites. The file is named in such a way as to confuse WordPress administrators who are familiar with XML-RPC.  More Info »

New Realstatistics Attack Vector Compromising Joomla Sites

Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolving and continues to distribute harmful ransomware to compromised website visitors. Today we are providing more context on the new attack vector and exploitation process used to to compromise these sites…. More Info »

Backdoor in Fake Joomla! Core Files

We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog.  Sometimes we write about free tools to obfuscate your code that aren’t that free and we also have an online tool to help decoding the malware you find. But sometimes the malware is not clearly encoded using base64, gzinflate, hex concatenation,… More Info »