🔍 Magecart malware hidden in plain sight?
In our latest post, security analyst @_jamsec reveals how ecommerce malware designed to skim sensitive credit card details from webstores is concealed through pixels and images.
#magecart #malware #magento
https://t.co/dKRAku0ogw
🕵️♂️ What is that, wingdings?!
Attackers are using #unicode and peculiar file extensions to avoid detection in #WordPress backdoors. Research by @_jamsec.
#websitesecurity
https://t.co/0EuF3tYsVA
🚨 Essential Addons for #Elementor vuln = new #malware taste, classic #Balada flavor. Over 6k detections by SiteCheck already.
Patch ASAP to mitigate risk. Research by @_jamsec & @unmaskparasites.
https://t.co/VBHWWHfp8D
Analysis of the recent massive Balada Injector wave (cdn.scriptsplatform[.]com) that started right after the Essential Addons for Elementor plugin vulnerability disclosure.
https://t.co/TiAs8rdQZ4
Had the privilege to contribute to this post with @_jamsec
🌐 It's raining water company defacements! ⛈️ 💧 Our latest blog post explores the strange trend of Belarusian bottled water content appearing on #hacked #websites. Research by @_jamsec.
#defacement #website-security
https://t.co/qdcGPQxLjd
Double GTM skimmer: https://t.co/Kqy3907hVL
GTM-KTGCVGT loads GTM-55SBK75 which loads a skimmer from gojqueryajax[.com/common.css
and previously codesejquery[.com/gtm.js
Related domains https://t.co/pHrSCWloLY
jspixjqurey[.com
jspqurey[.com
gojqwejs[.com
Thanks @_jamsec
The long lasting massive WordPress infection campaign finally gets a name. Meet the Balada Injector and its 9 major approaches to compromising WordPress sites. https://t.co/WB5O0LZxzB
Re: https://t.co/zFaAVtEURx
🚨 Our 2022 Website Threat Research Report is here! 🚨
Key findings:
- 50.58% of CMS applications outdated at point of infection
- 69.63% of compromised sites had at least 1 backdoor
- 46.76% of all infected sites had SEO spam
https://t.co/fWmTpoRZli
#WebsiteSecurity #Malware
Server-side part of the Kritec skimmers found by @_jamsec in vendor/magento/framework/View/Page/Config/Renderer.php
shotsmob[.]sbs in this sample
We also find this malware in WordPress database (theme settings)
Re: https://t.co/SmGA9OIC2L
Found small unwanted ads on your #WordPress website? Might want to check for hex2bin or other encoded #malware #injections in your database. Research by @_jamsec
https://t.co/xRydOt7zMX
Malicious cron jobs can be aggressive. If your site keeps getting reinfected, make sure to check your #hosting control panel or use the crontab -l command.
#malware #infosec #websitesecurity
https://t.co/bMg1MvndxX
Two weeks after "dns.firstblackphase[.com", we have the "get.sortyellowapples[.com" wave.
https://t.co/nsU5rOBkza
Infected: index.php, .js files + backdoors
Thanks @_jamsec for spotting it!
Re: https://t.co/ZWXbAXV0S1