Website Backdoor – WindowsTechs.com

Examining Unique Magento Backdoors

Posted on August 4, 2021 by Liam Smith

During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoo… Continue reading Examining Unique Magento Backdoors→

PHP Repository Exploited by Hackers

Posted on March 29, 2021 by Antony Garand

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28.
An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP… Continue reading PHP Repository Exploited by Hackers→

SQL Triggers in Website Backdoors

Posted on February 25, 2021 by Luke Leal

Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user into the infected database whenever the trigger condition… Continue reading SQL Triggers in Website Backdoors→

Evaluating Cookies to Hide Backdoors

Posted on January 7, 2021 by Luke Leal

Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of techniques that can make it challenging to detect.
For e… Continue reading Evaluating Cookies to Hide Backdoors→

Why You Should Monitor Your Website

Posted on December 15, 2020 by Cesar Anjos

In an effort to maintain unauthorized access or profit off a website’s environment long after an initial compromise, attackers commonly leverage a variety of different techniques and tactics.
These techniques range from adding backdoors, stealing sens… Continue reading Why You Should Monitor Your Website→

Fake WordPress Functions Conceal assert() Backdoor

Posted on December 8, 2020 by Douglas Santos

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.
Among 246 other lines, this very specific part stood out to me:
$config = wp_dbase_config_i… Continue reading Fake WordPress Functions Conceal assert() Backdoor→

Obfuscation Techniques in MARIJUANA Shell “Bypass”

Posted on December 4, 2020 by Luke Leal

Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as a backdo… Continue reading Obfuscation Techniques in MARIJUANA Shell “Bypass”→

“Free” Symchanger Malware Tricks Users Into Installing Backdoor

Posted on December 1, 2020 by Luke Leal

In a previous post, I discussed how attackers can trick website owners into installing malware onto a website — granting the attacker the same unauthorized access as if they had exploited a vulnerability or compromised login details for the website.
B… Continue reading “Free” Symchanger Malware Tricks Users Into Installing Backdoor→

P.A.S. Fork v. 1.0 — A Web Shell Revival

Posted on October 26, 2020 by Luke Leal

A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most popular PHP web shells, like WSO or b374k.
After all, if these popular (and readi… Continue reading P.A.S. Fork v. 1.0 — A Web Shell Revival→

Backdoor Shell Dropper Deploys CMS-Specific Malware

Posted on October 6, 2020 by Krasimir Konov

A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.
Another common scenario includes malware which is directly inject… Continue reading Backdoor Shell Dropper Deploys CMS-Specific Malware→