Denis Sinegubko – WindowsTechs.com

WordPress Redirect Hack via Test0.com/Default7.com

Posted on June 4, 2021 by Denis Sinegubko

Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs o… Continue reading WordPress Redirect Hack via Test0.com/Default7.com→

Another Credit Card Stealer That Pretends to Be Sucuri

Posted on November 12, 2020 by Denis Sinegubko

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri.
One of our Remediation Analysts, Liam Smith, found the following code injected into the database of a Magento site.
The first 109 lines of the malw… Continue reading Another Credit Card Stealer That Pretends to Be Sucuri→

SiteCheck Malware Report: September Summary

Posted on October 7, 2020 by Denis Sinegubko

Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides immediate results, without the nee… Continue reading SiteCheck Malware Report: September Summary→

Skimmers in Images & GitHub Repos

Posted on July 22, 2020 by Denis Sinegubko

MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files.
During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content… Continue reading Skimmers in Images & GitHub Repos→

Dangerous Website Backups

Posted on July 2, 2020 by Denis Sinegubko

It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the curren… Continue reading Dangerous Website Backups→

Evasion Tactics in Hybrid Credit Card Skimmers

Posted on June 5, 2020 by Denis Sinegubko

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.
Though popular with bad actors, one of the drawbacks of… Continue reading Evasion Tactics in Hybrid Credit Card Skimmers→

PinnacleCart Server-Side Skimmers and Backdoors

Posted on April 22, 2020 by Denis Sinegubko

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases.
This time, our analysts Kara Federow a… Continue reading PinnacleCart Server-Side Skimmers and Backdoors→

Web Skimmer with a Domain Name Generator

Posted on April 17, 2020 by Denis Sinegubko

Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database.
The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogleta… Continue reading Web Skimmer with a Domain Name Generator→

WordPress Database Brute Force and Backdoors

Posted on March 11, 2020 by Denis Sinegubko

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess.
However, the WordPress login is not the only point of entry that hackers use to break into sites…. Continue reading WordPress Database Brute Force and Backdoors→

Web Swiper in Image Title

Posted on January 27, 2020 by Denis Sinegubko

Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading.
Suspicious Img Tag
Our malware analyst Liam Smith recently discovered a suspicio… Continue reading Web Swiper in Image Title→