Whitespace Steganography Conceals Web Shell in PHP Malware

Whitespace Steganography Conceals Web Shell in PHP Malware

Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files.

At first glance, these injections didn’t appear to contain anything except for some benign CSS rules. A more thorough analysis of the .CSS file revealed 56,964 seemingly empty lines containing combinations of invisible tab (0x09), space (0x20), and line feed (0x0A) characters, which were converted to binary representation of characters and then to the text of an executable JavaScript code.

Continue reading Whitespace Steganography Conceals Web Shell in PHP Malware at Sucuri Blog.

Read more: Whitespace Steganography Conceals Web Shell in PHP Malware

Story added 2. February 2021, content source with full text you can find at link above.