menu

WordPress Injection Exfiltrates Admin Login

2021-06-09 :: Luke
#backdoor  #login stealer  #$ccc_url  #wordpress  #PHP  #website malware  WordPress Injection Exfiltrates Admin Login
wp-login.php injection silently exfiltrates a victim’s username and password back to the attacker’s server.
Read more →

.wtf() Skimmer Targets WooCommerce PayPal Pro

2021-03-10 :: Luke
#0x4895  #templatesurvey.com  #skimmer  #WordPress  #WooCommerce  #PayPal Pro  #ecommerce  #JavaScript  #website malware  .wtf() Skimmer Targets WooCommerce PayPal Pro
A JavaScript skimmer designed to steal payment data entered into the WooCommerce PayPal Pro gateway on the victim’s infected ecommerce website. Lowkey exfiltration domain: templatesurvey[.]com.
Read more →

How PHP Droppers Spread Malware

2021-02-11 :: Luke
#binary malware  #php dropper  #wordpress  #malspam  #website malware  How PHP Droppers Spread Malware
A breakdown of how PHP droppers are used to spread binary malware through malicious URLs and spam emails.
Read more →

Malware Disables Wordfence Security Plugin & Forges Timestamps

2020-12-16 :: Luke
#backdoor  #plugin killer  #wordpress  #PHP  #website malware  Malware Disables Wordfence Security Plugin & Forges Timestamps
A malicious PHP file is used to take down Wordfence plugin before it adjusts its own mtime timestamp.
Read more →

Skimmer Loaded Via Image On MemberPress Checkout Form & Magento

2020-12-08 :: Luke
#0x165a3f  #skimmer  #WordPress  #Magento  #steganography  #ecommerce  #JavaScript  #website malware  Skimmer Loaded Via Image On MemberPress Checkout Form & Magento
A payment card skimmer hidden within an existing PNG image on an infected WordPress website that uses MemberPress and collects payment data for private membership. A variant was also found stealing payment card information on an infected Magento website.
Read more →
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.