Spox Phishing Kit Harvests Chase Bank Credentials

Phishing kits are the back-end components of a phishing attack and are often designed to make it easier to deploy a phishing page.
These kits are typically bundled in compressed files, such as .zip archives, and contain the entire file infrastructure …

Vulnerabilities Digest: June 2020

Highlights for June 2020

Cross-site scripting is still the most common vulnerability in WordPress plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization.
Massive …

Evasion Tactics in Hybrid Credit Card Skimmers

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.
Though popular with bad actors, one of the drawbacks of…

Understanding & Stopping Malicious Redirects

Many website owners don’t know they’re infected with malicious redirects until they start getting calls from wary customers. Instead of the site they were expecting, it loaded some pretty shady content from the nether reaches of the intern…

Steam Phishing Campaign Uses CS:GO Skin Gambling Lure

Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging…

YouTube Account Recovery Phishing

Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators.
Phishing B…

Phishing Campaign Targets Poste Italiane & SMS OTP Verification

When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action.
For example, in September 2019 …

Malicious JavaScript Used in WP Site/Home URL Redirects

Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At the time of writing, we have seen ov…

Top 10 Sucuri Research Articles in 2019

As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future.
With that thought in mind, we asked our researchers to choose their favorite blog posts…

Another Fake Google Domain: fonts.googlesapi.com

Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye.
The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the clien…