The analyzed JavaScript injection is an obfuscated, highly evasive malware loader found on compromised PrestaShop websites. It enables attackers to steal sensitive data, disrupt business,...
WordPress Blockchain-Based JavaScript Malware
WordPress JavaScript injection attacks, especially those using remote code loaders and blockchain-based C2, represent a new, stealthy, and highly adaptive threat. Quick detection and removal...
Magecart-Style Credit Card Skimmer Targeting WooCommerce
A sophisticated JavaScript-based credit card skimmer/stealer has been discovered on a compromised WooCommerce-powered WordPress e-commerce website. The malware leverages obfuscation, external payload delivery, and advanced...
WordPress Redirect Malware: Latest JavaScript Injection Attack
This malicious script was found within core JavaScript and Theme files and is designed to stealthily redirect specific users, primarily Windows users on modern browsers...
Fake Captcha on WordPress Leads to Windows Malware
A suspicious JavaScript snippet was found on a compromised WordPress website. This code appears to mimic a CAPTCHA or verification process but ultimately displays a...
Credit Card Skimmer Masquerading as FB Pixel on WooCommerce
A malicious JavaScript block masquerading as a Facebook Pixel was found on a WordPress website that's using WooCommerce to sell and accept credit card payments...
New XYZ Malware Campaign Targeting WordPress Websites
The iogamesl[.]xyz & wp3[.]xyz malware campaign goal is to exploit the WordPress admin panel and create a rogue administrative user, Install Fake plugins to maintain...
Credit Card Skimmers Can Steal & Ruin Your Holidays Cheer!
We will analyze a sample malicious JavaScript code found by a MoeSec Security Analyst, decode it, and explain its purpose. Furthermore, we will outline the...
Analysis of a New Balada Malware found on WordPress Websites
The Balada Injector is a well-known family of malware that primarily targets WordPress sites. It mass-injects malicious JavaScript into websites, often taking advantage of vulnerabilities...
Analysis of a newly found Malicious JavaScript on WordPress Sites
The MoeSec security team recently discovered a piece of malicious JavaScript on a WordPress website. This script was injected using the Simple Custom CSS and...