Collaborate Disseminate
The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to use it for the foreseeable future. Unfortunately, attackers are also aware that many websites are straggling with their Magento migrations… Continue reading Magento Multiversion (1.x/2.x) Backdoor
A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hidden_content?100.2, shows why the pharmac… Continue reading COVID-19 Chloroquine Pharmaspam
This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being able to load certain content – usually a phishing page or a mal… Continue reading Web Crawler & User Agent Blocking Techniques
“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners.
The hexadecimal/decimal obfuscation is clear to see when viewing the file’s … Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors
When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents.
In this m… Continue reading PHP Binary Downloader
In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the … Continue reading PHP Backdoor Obfuscated One Liner
An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has a large number of pages that were recently updated and the owner wants Google to index th… Continue reading SEO Hacktool: Sitemap Generator
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page.
These kits are typically bundled in compressed files, such as .zip archives, and contain the entire file infrastructure … Continue reading Spox Phishing Kit Harvests Chase Bank Credentials
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.
Although these are certainly two of the more common attack vectors, another m… Continue reading Pirated WordPress Plugins Bundled with Backdoors
Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging… Continue reading Steam Phishing Campaign Uses CS:GO Skin Gambling Lure