Remote Access Trojans (RATs) are new to me — apparently, you can get one on a Windows machine as a malware payload from fake CloudFlare DDoS alert pages on hacked WordPress sites. Ben Martin at Sucuri explains “a recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead… Continue reading Sites hacked with fake CloudFlare DDoS alerts infected with RATs
Category: Malware
Nulled Themes and Plugins
My first experiences with “nulled” (or back in the day “cracked”) software date back to the golden days of the Atari 8-bit and Commodore Amiga. Blank floppy disks were cheap, and like most kids, I did not have a lot of money or even at times access to legitimate software distributors. Naturally, the way we…
It Takes 2 Seconds of Silence to Skim a Credit Card
E-commerce websites are valuable targets for attackers. Bad actors often leverage creative techniques to conceal their credit card stealers and gather sensitive credit card information from online storefronts. A recent investigation for a compromised Magento website revealed a rather interesting injection. The website owner had found an entirely new section on their checkout page which…
Analysis of the Massive NDSW/NDSX Malware Campaign
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their writeup belonged to the campaign we internally refer to as “ndsw/ndsx” malware. We’ve been tracking…
Credit Card Stealer Targets PsiGate Payment Gateway Software
Magento’s payment provider gateway offers functionalities for site owners to integrate stores with payment service providers. This handy feature lets a website create and handle transactions based on order details and allows for out-of-the-box integrations with payment service providers like PayPal and Braintree. Since these gateways are responsible for helping businesses accept online payment methods…
X-Cart Skimmer with DOM-based Obfuscation
Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located server-side, the other client-side. X-Cart’s e-commerce platform is not nearly as popular as Magento or WooCommerce and as a result we don’t see as many threat actors targeting it. While…
Massive WordPress JavaScript Injection Campaign Redirects to Ads
Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts…
Manually Identifying an X-Cart Credit Card Skimmer
During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento…