Home | News | Sucuri Security News

Sucuri Security News

Cookie Consent Script Used to Distribute Malware

Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU General Data Protection Regulation (GDPR). Even though cookie usage is mentioned only once in GDPR, any organization utilizing them to track users’ browsing activity have had to add a warning ...

Read More »

Cryptominers: Binary-Process-Cron Variants and Methods of Removal

This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-level cryptominer abuses server resources without affecting the computers or mobile devices of site visitors. We will cover the attributes of these sever-level infections ...

Read More »

RawGit CDN is Abused by CryptoLoot Cryptominers

Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com///raw/ URLs. The new trick involved a third-party service called RawGit that provides a CDN for GitHub files. This is the script that we found injected into .js and theme files on infected Drupal and WordPress ...

Read More »

Switching to HTTPS Before It’s Too Late

Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displaying a warning that the site is “Not secure“. Chrome 68 is already in Beta. Before long, everyone will be able to update their browsers to Chrome 68 and see “Not Secure” warnings on websites without SSL. Reasons Behind ...

Read More »

Browser Extension Bug Leads to Post Injection

A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to users has grown, along with the risk for this similar behavior to occur. We recently came across a similar case where several completely different websites contained what appeared to be a base64-encoded image, only visible ...

Read More »

Hiding Malware Inside Images on GoogleUserContent

If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code. This technique is still in use. Let us show you a recent example. Contaminated Pac-Man This code was found at the beginning of a malicious script that steals PayPal security tokens. As you can ...

Read More »

Persistent Malicious Redirect Variants

It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if your “old friend” was on the criminal side of things and you are meeting him more often than you actually like? Moreover, when you see him, he keeps changing his ...

Read More »