Tag Archives: Website Infection[s]

Website Ransomware – CTB-Locker Goes Blockchain

During the last couple of years, website ransomware has become one of the most actively developing types of malware. After the infamous fake anti-viruses, this is the second most prominent wave of malware that makes money by directly selling “malware removal” services to users of infected computers. But unlike fake anti-viruses, which were mostly harmless and used as a …

Website Malware – Evolution of Pseudo Darkleech

Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the random parts changed on every page load. Back then, we identified that it was not a server-level infection. The …

Return of the EXIF PHP Joomla Backdoor

Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren’t new but may be recurring. Such is the case with today’s post, in which we explore a case we shared close to two years ago where …

WordPress Malware – VisitorTracker Campaign Update

For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details about this issue in this blog post: WordPress Malware – Active VisitorTracker Campaign, but as the campaign and the malicious code have evolved, we decided to provide …

Ask Sucuri: How did my WordPress Website get Hacked? – A Tutorial

With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today’s websites are hosted in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead on their own infrastructure/systems. While there are so many …

SweetCAPTCHA Service used to Distribute Adware

SweetCaptcha is a free CAPTCHA service that offers to match sweet-looking images instead of making you recognize distorted digits and characters. It has integration with many website platforms: pure PHP, WordPress (10,000+ plugin installs), Drupal, Joomla, ModX, .NET, JavaScript, and even offers an API that can be used on other platforms. So far so good. Malicious …

Analysis of the Fancybox-For-WordPress Vulnerability

We were alerted last week to a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the details explaining how attackers could use this vulnerability to inject malicious iframes on websites using this plugin. Technical details: This vulnerability exploited a somewhat well-known attack vector amongst WordPress plugins: unprotected …

New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider

If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. Unlike SoakSoak, it’s comprised of 3 distinct malframes – creating one new campaign. We’re tracking each closely: 1- wpcache-blogger: This campaign is using the domain wpcache-blogger.com as …