Fake Google Domains Used in Evasive Magento Skimmer

We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings.
Our investigation revealed that the site had been infected with a credit card skimmer loading…

Reset Email Account Passwords after Website Infection: Follow Up

In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise.
The information security threat landscape is always changing. Likewise, the tools used by bad actors are…

Stolen Payment Data: Infected Ecommerce Website to Darknet Markets

The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it.
This malicious end user typically buys payment data in limited quantities, s…

Cryptomining Dropper and Cronjob Creator

Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU, which is not unusual when a cryptominer process is running without any throttling.
Below is an example …

PHP Backdoor Evaluates XOR Encrypted Requests

In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code. This operator makes it more difficult to determine if encrypted code is malicious, or if it is…

Return to the City of Cron – Malware Infections on Joomla and WordPress

We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware f…

Reset Email Account Passwords After a Website Malware Infection

It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to the blacklisting of a web host’s mail server IPs, or the domain na…

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g. redirected traffic, cryptomining). This was discovered when reviewing sources of the var…