Magento Credit Card Stealer Reinfector

In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinf…

Shell Logins as a Magento Reinfection Vector

Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following files:

app/Mage.php;
lib/Varien/Autoload.php;
index.php;
app/code/core/Mage/Core/functions.php;

These a…

Malicious Activities with Google Tag Manager

If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”. But when malicious behavior ensues, everything should be double-checked and s…

Evolution of Conditional Spam Targeting Drupal Sites

Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including a malicious file in each visitor’s session.

It’s quite common for attackers to evolve their techniques and add new variations of hidden backdoors to make it harder to get rid of the infection. These evasion and reinfection techniques can also make it difficult to modify the malicious code, which is exactly what has happened in this case, over a year later.

Continue reading Evolution of Conditional Spam Targeting Drupal Sites at Sucuri Blog.

New Non-HTTPS Websites Blacklisted for Phishy Password Practices

We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that attempts to trick users into revealing sensitive information.

For the past couple of months we have noticed that the number of websites blacklisted with Deceptive Content warnings has increased for no apparent reason. The sites were clean, and there were no external resources loading on the website.

Continue reading New Non-HTTPS Websites Blacklisted for Phishy Password Practices at Sucuri Blog.

Fake WordPrssAPI Stealing Cookies and Hijacking Sessions

Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies, a user would need to log in to authenticate every action they take. Essentially, cookies keep a user logged in until they either log out or the cookie expires.

Cookie Stealing and Session Hijacking

If an attacker is able to steal active cookies, the attacker can pretend to be that user and perform any actions the user has permissions to perform.

Continue reading Fake WordPrssAPI Stealing Cookies and Hijacking Sessions at Sucuri Blog.

vBulletin Malware – When Hackers Compete for Backdoor Control

A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had a PHP-based backdoor hidden within the site. Attackers experiment with various techniques and types of malware to abuse server resources and distribute spam while maintaining access to the site for as long as possible.

In the case of automated attacks, sometimes we’re lucky enough to see hackers access the same website and step on each other’s toes.

Continue reading vBulletin Malware – When Hackers Compete for Backdoor Control at Sucuri Blog.