WordPress Redirect Malware Hidden in Google Tag Manager Code
Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after a user landed on the site. Upon closer inspection of the site’s source code we found a suspicious Google Tag Manager loading. This isn’t the first time we’ve seen GTM […] more…Hackers Inject Malware Into Gravity Forms WordPress Plugin
Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack. The post Hackers Inject Malware Into Gravity Forms WordPress Plugin appeared first on SecurityWeek. more…Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors
Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware deeply embedded within their site’s core files. This wasn’t just a simple redirect; it was a complex operation designed for search engine poisoning and unauthorized content injection. What Did We […] more…Attackers Inject Code into WordPress Theme to Redirect Visitors
In a recent article we discussed some of the reasons sites are frequently attacked. That article covered browser redirects, and we’ll explore an example of such a case here. Website themes are a common attack vector for many reasons. The theme is guaranteed to load on every page, that is the core design of any […] more…Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover
A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek. more…Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor
Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At first glance, the site looked clean, no visible signs of defacement, no malicious redirects, and nothing suspicious in the plugin list. But beneath the surface, a hidden infection chain was […] more…Malicious WordPress Plugin Creates Hidden Admin User Backdoor
I recently wrote about a case where a malicious plugin was used to steal admin credentials. Here we will examine yet another malicious plugin that creates a malicious admin user right in the website. Examining the malware While examining the site, we noticed a plugin located at wp-content/plugins labeled php-ini.php. This is strange since directories […] more…Motors Theme Vulnerability Exploited to Hack WordPress Websites
Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek. more…Analysis of a Malicious WordPress Plugin: The Covert Redirector
A few weeks ago, we received a support request from a website owner who was experiencing unexpected redirects. Visitors landed on the website normally, but after about 4–5 seconds, the site redirected them to unrelated and suspicious websites. During the investigation, we discovered a malicious plugin that was responsible for this behavior, continuing the trend […] more…Fake WordPress Caching Plugin Used to Steal Admin Credentials
A common trend we see is that bad actors will upload malicious plugins to WordPress sites. These plugins serve a wide variety of functions from injecting spam to redirecting sites to other malicious content. In this article we will examine a more dangerous method where plugins can be used to steal admin credentials. Identifying the […] more…Fake Java Update Popup Found in Malicious WordPress Plugin
We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is a common tactic used by attackers to compromise website visitors. Our investigation revealed a malicious plugin operating stealthily within their WordPress environment. What Did We Find? A plugin installed in […] more…Another Fake Cloudflare Verification Targets WordPress Sites
A new Cloudflare infection has once again been targeting WordPress sites. This new iteration of malware mimics a legitimate-looking Cloudflare verification page, which then tricks victims into following various commands and downloading malware. This style of malware is not new – our researcher Ben Martin wrote about a similar campaign targeting WordPress sites back in […] more…Second OttoKit Vulnerability Exploited to Hack WordPress Sites
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges. The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. more…Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress
Recently, we’ve encountered cases where WordPress websites were impacted by Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad views for their adsense accounts. This is not the first time we’ve seen attackers abusing popular Google services. In a previous case, we discovered a credit card skimmer hiding inside […] more…Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild. The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek. more…Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. more…More information
- Kubernetes and the Challenge of a Huge Security Vulnerability CVE-2018-1002105
- Mainframe hardware upgrade scheduled for Monday, February 13, 2017
- Coinbase: don’t expect to trade your cryptocurrency at busy times
- Europol Probing IS Setting Up of Social Network
- Microsoft ChakraCore Scripting Engine CVE-2018-0933 Remote Memory Corruption Vulnerability
- Why Reinfections Happen with a WAF
- ProtonMail Suspects State-Sponsored DDoS Attack
- Malware found in the control room of a Japanese nuclear reactor
- Google’s neural networks turn pixelated faces back into real ones
- Vulnerabilities in CISA KEV Are Not Equally Critical: Report