Gel4y Mini Shell by Indonesian Darknet 🕵️

Recently encountered a version of Gel4y Mini Shell that is not detectable by Imunify360 yet! Gel4y Mini Shell is a small PHP shell that has two notable features: 🔴 Compared to other PHP shells such as IDBTE4M BOT V87, Gel4y Mini Shell by Indonesian Darknet offers a lot fewer features: Source code: UPDATE: Imunify360 now … Read full article →

Remove cronjobs from AnonymousFox malware - 🔴 FoxAuto WordPress malware

🔴 FoxAuto WordPress malware

The AnonymousFox Hack guide by Sucuri misses a huge step in cleaning a hacked WordPress website, and that step is removing the cronjobs. While removing AnonymousFox malware from a website, I noticed the following cron: It downloads a script from http://hello.hahaha666.xyz/xxxd and runs it. The script is: It creates a new folder css and replaces … Read full article →

IDBTE4M BOT V87 🤖

IDBTE4M BOT V87 is a PHP shell that has an unusually good mailer function, which is hard to detect because it uses random [email protected] for sending SPAM. Source code: When accessed publicly, the IDBTE4M BOT V87 shell gives a blank page, but with a POST request containing the random password, the shell looks like this: … Read full article →

⚠️ Cloudflare phishing popup that downloads malware

In this post, I will discuss the most realistic phishing popup that I’ve seen in years. These popups appear only on WordPress websites that use Cloudflare and can easily be mistaken for Cloudflare’s original “sorry you have been blocked” screen. The post is divided into two sections: Analysis of the malware and malicious code … Read full article →

🔴 R4gn4r0 Mailer 1.0

A straightforward PHP script called R4gn4r0 Mailer is used to send bulk emails from WordPress websites that have been hacked. It offers capabilities like email address filtering, mass emailing, and blacklist checking, and is essentially a clone of LeafMailer. The malware is often discussed as a wp-active2.php file. Simple login form, the password is … Read full article →

How to Clean 🔴 cofounderspecials.com Malware

According to publicwww, about 5000 websites are known to be infected with this type of WordPress malware. It is similar to the legendarytable.com malware and adds JS code into every post and page so that visitors are redirected to third-party websites. Check if infected: To check if your website is infected, open phpMyAdmin, select your database, … Read full article →

Types of WordPress Malware Attacks and What They Do

Here are the most common types of WordPress malware attacks. Permanent malware eradication entails conducting a thorough investigation and determining the type of attack that occurred, how it occurred, and permanently closing that door. This is known as root cause analysis and vulnerability fix in the security world. 🔀 Cross-site scripting (XSS) The most regularly … Read full article →

Three Column Screen Layout WordPress Plugin ⚠️ Exploit

Another website got hacked, and the owner noticed weird Chinese characters in search results for his website. The index.php file contained the following code: Initially, the point of entry for this malicious code was a plugin named Three Column Screen Layout that has a vulnerability which, as many other WordPress users report, is being actively … Read full article →