Collaborate Disseminate
A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most popular PHP web shells, like WSO or b374k.
After all, if these popular (and readi… Continue reading P.A.S. Fork v. 1.0 — A Web Shell Revival
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect.
However, sometimes entirely new attack tools are created and deployed by threat actors who … Continue reading R_Evil WordPress Hacktool & Malicious JavaScript Injections
Our free SiteCheck tool helps website owners remotely scan their website to detect malware infections, blacklisting status, website errors, and other anomalies. Scanning a website’s external HTML source code provides immediate results, without the nee… Continue reading SiteCheck Malware Report: September Summary
A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.
Another common scenario includes malware which is directly inject… Continue reading Backdoor Shell Dropper Deploys CMS-Specific Malware
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the process of sending predefined HTML emails to a list of email addresses.
The too… Continue reading GFX Xsender Hack Tool: A Spam Mailer
Malicious pop-ups and redirects have become two extremely common techniques used by attackers to drive traffic wherever they want.
During a recent investigation, we came across an obfuscated pop-up script leveraging baidu[.]com search results to redi… Continue reading Malicious Pop-up Redirects Baidu Traffic
In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code.
During a recent investigation, we came across an interesting backdoor that was leveraging encoding along… Continue reading Backdoor Obfuscation: tempnam & URL Encoding
Our team recently came across a malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.
To obtain sensitive details, the malware loads external javascript whenever t… Continue reading Magento Credit Card Stealing Malware: gstaticapi
Short scripts that deliver malware to a website are nothing new, but during a recent investigation we found a script using hastebin[.]com, which is a domain we see used infrequently. The script was found writing malicious contents into an image direct… Continue reading Malicious One-Liner Using Hastebin
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others.
For instance, employees at telecom companies will often have some level of elevated access … Continue reading Phishing Page Targets AT&T’s Employee Multi-Factor Authentication