Sucuri

Massive Attack Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network

PublicWWW results show over 4,500 websites impacted by this malware at the time of writing, while urlscan.io shows evidence of the campaign operating since December 26, 2022.

Vulnerable WordPress Sites Compromised with Two Different Database Infections

Sucuri researchers came across two different database infections. The first injection redirects users to a spammy sports website and the second injection boosts the authority of a spammy casino website within search engines.

WordPress Vulnerability & Patch Roundup December 2022

To help educate website owners on emerging threats to their environments, researchers at Sucuri compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

Backdoor Targets FreePBX Asterisk Management Portal

During a recent investigation, Sucuri researchers came across a simple piece of malware targeting FreePBX’s Asterisk Management portal which allowed attackers to arbitrarily add and delete users, as well as modify the website’s .htaccess file.

Infected WordPress Plugins Redirect to Push Notification Scam

Instead of leveraging the typical base64 encoding to evade detection, the attacker was adding variations of a PHP function to normal plugin files which decoded hex2dec from a second file containing a hexadecimal payload.

Chinese Gambling Spam Targets World Cup Keywords

The attack affects mostly Chinese websites, but we’ve found a number of western websites also affected by the malicious injections. According to PublicWWW data, the number of infected sites exceeds 50,000 at the time of writing.

Attackers Compromise 15,000 Sites for Massive Google SEO Poisoning Campaign

These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malware so far.

SiteCheck Malware Trends Report – Q3 2022

SEO spam was the most common infection seen in our remote scan data, followed by injected malware. SEO spam infections also happen to be one of the most common types of malware found during remediation cleanup.

New Malware Variants Serve Bogus CloudFlare DDoS Captcha

When browsing an infected website, the user receives a notification that insists they must download a file to continue to access the content. What they don’t know is that the file is actually a Remote Access Trojan.

How Are Favicon (.ico) Files Used in Website Malware?

Malicious redirects are the most common example of .ico malware seen by Sucuri researchers but attackers leverage this file type for other purposes as well, including concealing credit card skimmers.
