Malicious JavaScript Used in WP Site/Home URL Redirects

Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At the time of writing, we have seen ov…

Zen Cart “PayPal” Skimmer

While we mostly see skimmers on Magento-based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information stealing malware.
We recently found a case on a lesser known open source ecommer…

Top 10 Sucuri Research Articles in 2019

As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future.
With that thought in mind, we asked our researchers to choose their favorite blog posts…

How Websites Are Used to Spread Emotet Malware

In past posts, we’ve discussed the more popular reasons why hackers target smaller websites. Today, we’ll focus instead on how hackers use compromised websites to spread dangerous malware like Emotet to end user victims.
Emotet Threat
Firs…

Unmasking Black Hat SEO for Dating Scams

Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it.
Recently, we came across an interesting case where attackers went a few extra mi…

Why Hackers Create Phishing Campaigns

Phishing is a malicious attempt to obtain personally identifiable information of a victim. The first thing to keep in mind about phishing is the goal of the attackers.
In the first post of this series, we have explained how to recognize a phishing cam…

Another Fake Google Domain: fonts.googlesapi.com

Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye.
The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the clien…

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December.
As consumer behavior changes an…

Down the Malware Rabbit Hole: Part II

In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way — and hidden 91 layers deep.
Today, we’ll reveal how attackers achieve this level of encoding and investigate one of the many po…

Malicious Android Application Used in Phishing Scam

While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process which deters some bad actors from incorporating them into their attack.
To launch a …