Website Malware Infections

Infected WordPress Plugins Redirect to Push Notification Scam

Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which have been obfuscated to make it more difficult for webmasters to detect or understand. Obfuscation can take many forms, such as encrypting code or using complex algorithms to hide the true nature of the malicious contents. For

[ Read More ]

Chinese Gambling Spam Targets World Cup Keywords

Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code. However, when you open the affected website in a JavaScript-enabled web browser, the site operates

[ Read More ]

New Wave of SocGholish cid=27x Injections

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, which is saved as an encrypted value inside the wp_option table of the WordPress database.

[ Read More ]

New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques

Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates infect the victim’s computer with various types of malware including remote access trojans (RATs). SocGholish malware is often the first step in severe targeted ransomware

[ Read More ]

Massive ois[.]is Black Hat Redirect Malware Campaign

Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines. PublicWWW results show nearly 15,000 websites have been affected by this malware so far. Our

[ Read More ]

Wordfence Evasion Malware Conceals Backdoors

Malware authors, with some notable exceptions, tend to design their malicious code to hide from sight. The techniques they use help their malware stay on the victim’s website for as long as possible and ensure execution. For example — obfuscation techniques, fake code comments, naming conventions for injections that deploy SEO spam, redirect visitors to

[ Read More ]

What is the 503 Service Unavailable Error & How to Fix It

Imagine for a moment that you’re searching for a topic. You find what you’re looking for on the first page of Google’s search results and click through to the website. But instead of the expected web page, you find yourself staring down the barrel of a 503: Service Unavailable error message. You’re going to immediately

[ Read More ]

New Malware Variants Serve Bogus CloudFlare DDoS Captcha

When attackers shift up their campaigns, change their payload or exfiltration domains, and put some extra effort into hiding their malware it’s usually a telltale sign that they are making some money off of their exploits. One such campaign is the fake CloudFlare DDoS pages which we reported on last month. The attack is simple:

[ Read More ]

A Guide to Virtual Patching for Website Vulnerabilities

All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and try to attack it. That’s why keeping your website up-to-date with the latest patches and

[ Read More ]

Magento Supply Chain Attack Targets Extension Developer FishPig

Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a detailed security announcement on September 13th, 2022. The attack is estimated to have occurred on or before August 19th of this year so any eCommerce stores which have installed FishPig

[ Read More ]