Home | News | Sucuri Security News (page 2)

Sucuri Security News

Malicious Website Cryptominers from GitHub. Part 2.

Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for serving malicious code. Encrypted CoinHive Miner in Header.php The following encrypted malware was found in the header.php file of the active WordPress theme: There are four lines of code in ...

Read More »

Reverse Javascript Injection Redirects to Support Scam on WordPress

Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note. The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with ‘riskware’ and will be disabled unless they call what is an obviously bogus support ...

Read More »

How to Create Secure Passwords For Your Website

Have you ever had to sign up for a new account, but once the time came to create a password, your spirits dropped a little? It’s hard enough to remember one password let alone multiple passwords. Panic sets in as the security suggestions prompt you to add more numbers and unique characters. How am I going to remember this? Why ...

Read More »

Javascript Injection Creates Rogue WordPress Admin User

Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious javascript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement views. This month we noticed a very interesting variant ...

Read More »

Malicious Cryptominers from GitHub

Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden iframe had been injected into the theme’s footer.php file: wpupdates.github[.]io/ping/” style=”width:0;heigh:0;border:none;”> When we opened the URL in a browser, the page was blank. After checking the HTML source code, we discovered a piece of JavaScript ...

Read More »

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In reality, this script loaded a CoinHive cryptocurrency miner from a third-party server. We also mentioned a post written back in April that described the cloudflare.solutions malware, which came along with the cryptominers. At this moment, PublcWWW reports there ...

Read More »

Formidable Forms / Shortcodes Ultimate Exploits In The Wild

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation. Over the past couple of weeks, we’ve noticed a large influx in the number of malicious requests testing for the presence of the two popular WordPress plugins. Both ...

Read More »

Risks For E-commerce Site Owners Through the Holidays

Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also busy infecting ecommerce websites with malware, such as: Credit Card Swipers Malicious Payment Gateways Malware Downloads Now is the time when attackers target those last-minute shoppers buying products online. Over the last few years, it ...

Read More »