Tag: Website Malware Infections

  • Backdoor Uses Paste Site to Host Payload

    Backdoor Uses Paste Site to Host Payload

    Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to […]

  • Outdated Duplicator Plugin RCE Abused

    Outdated Duplicator Plugin RCE Abused

    We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is…

  • Fake Font Dropper

    Fake Font Dropper

    Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior in order to understand how new infections work. In this case, the odd behavior was the website’s pop-up window claiming there was a missing font. The Unwanted Popup Window A…

  • Fake Plugins with Popuplink.js Redirect to Scam Sites

    Fake Plugins with Popuplink.js Redirect to Scam Sites

    Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either “index” or “wp_update”, and a malicious popuplink.js file. Infected pages typically have these two scripts in the section of the…