Sucuri

Fake Java Update Popup Found in Malicious WordPress Plugin

A malicious WordPress plugin disguised as "Yoast SEO" was found injecting a fake "Java Update" pop-up to trick users into downloading malware. The plugin injects JavaScript into the of pages, avoiding macOS, mobile, and Safari users.

Fake Google Meet Page Tricks Users into Running PowerShell Malware

A fake Google Meet page was discovered, designed to trick users into running a malicious PowerShell command under the guise of fixing a "Microphone Permission Denied" error.

Another Fake Cloudflare Verification Targets WordPress Sites

A new malware campaign is targeting WordPress sites by impersonating a Cloudflare verification page. This multistage infection uses social engineering and obfuscated PowerShell commands to deliver a malicious Windows executable

Fake WordPress Plugin Impacts SEO by Injecting Casino Spam

The attackers used multiple stealthy methods to evade detection: naming the plugin an innocent-sounding name, and hiding it in the WordPress plugins directory versus a core file to avoid being found by integrity checks.

WordPress ClickFix Malware Causes Google Warnings and Infected Computers

The WordPress malware injection attempts to trick unsuspecting victims into executing malicious Powershell commands within Windows OS environments to infect their computers with backdoors.

Magento Credit Card Stealer Disguised in an Tag

Analyzing the decoded version of the malicious script reveals that it first checks whether the user is on the checkout page and ensures the script hasn’t run yet in the current session.

Google Tag Manager Skimmer Steals Credit Card Info From Magento Site

The malicious code was found in the database table cms_block.content and was disguised as a standard Google Tag Manager and Google Analytics tracking script. It contained an encoded JavaScript payload designed to collect user data during checkout.

Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection

The credit card skimmer silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware activates on checkout pages by hijacking existing payment fields or injecting a fake credit card form.

Credit Card Skimmer Malware Targeting Magento Checkout Pages

This malware dynamically creates a fake credit card form or extracts payment fields directly depending on the variant of the malware, activating only on checkout pages. The stolen data is then encrypted and exfiltrated to a remote server.

Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details

A recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags