menu

WordPress Keylogger Injection

2022-11-04 :: Luke
#wp-login.php  #text-user.js  #keylogger  #backdoor  #WordPress  #PHP  #website malware  WordPress Keylogger Injection
An injection into the wp-login.php file that secretly steals your WordPress login information.
Read more →

Renamed wp-config.php => Sensitive Data Exposure

2022-06-08 :: Luke
#wp-config.php  #security misconfiguration  #sensitive data  #WordPress  #PHP  #website malware  Renamed wp-config.php => Sensitive Data Exposure
Attackers continue to find easy victims by crawling websites using enumeration techniques and looking for configuration files that have had their file extension modified.
Read more →

Affiliate Referral Abuse & JavaScript Injection

2022-01-23 :: Luke
#effectivecpmgate.com  #ciandu5h  #_wpth-1  #WordPress  #JavaScript  #fraud  #website malware  Affiliate Referral Abuse & JavaScript Injection
Hackers use JavaScript injections to redirect visitors to specific websites to collect affiliate referrals.
Read more →

Mass WP Infection: trainresistor.cc

2021-12-13 :: Luke
#trainresistor.cc  #_0x4165  #WordPress  #JavaScript  #website malware  Mass WP Infection: trainresistor.cc
A large attack campaign that has been targeting vulnerable WordPress websites and using JavaScript injections to redirect victims to scams or malicious URLs.
Read more →

.wtf() Skimmer Still Targeting WooCommerce Websites

2021-11-30 :: Luke
#convert-server.com  #JavaScript  #skimmer  #WordPress  #WooCommerce  #ecommerce  #website malware  .wtf() Skimmer Still Targeting WooCommerce Websites
Almost identical to the one from back in March 2021 except this uses convert-server.com as the exfiltration domain.
Read more →
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.