filebox.php webshell

The malware is a PHP webshell: a script which, when installed on a compromised system, presents a sophisticated administration platform that lets the attacker browse the filesystem of the compromised server and upload, create, edit, download, or delete files. [Image: filebox.php login screen] Today we found a new PHP webshell, which we have not seen before …

WordPress Plugin – wp-zipp.php

Today we found new malware, WP-Zipp.zip, which is a WordPress plugin. The attacker had somehow previously used another vulnerability to create a WordPress user account, and then uploaded their own malware plugin, which contains a FilesMan remote shell. Access log: as we can see, there is just direct access to WordPress and an install of the WP-Zipp plugin. WP-Zipp.zip: If we extracted …

Magento credit card stealer

Hackers are increasingly exploiting a Downloader with Connect install package upload vulnerability to steal payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay. Magento Auto Logger & Patcher: First, this malware script tries to download patcher.zip. If that fails, it downloads a PHP Command Shell for remote access from …

Silence is golden

Normally, “Silence is golden” is all there is inside the index file: just an empty file with no code and a single-line comment saying “Silence is golden”. But wait, nothing exists for no reason; there has got to be some reason for this file being empty. The answer is security. If this index file …

ini.php

When a website gets hacked, one thing we know for sure is that attackers love to leave malware that allows them access back into the site in the future. This type of malware is called a backdoor. It was given this name because it allows for remote control of a compromised website in a …

wp.php

If we look inside this PHP script (only a small part of the code): Execute wp.php: If we run this file, we find the PHP Command shell WSO 2.5 (backdoor). Detect this malware: Malware Expert – Signatures found this malware from the PHP code, if you want to use our signatures for free.

b374k-shell

The b374k shell is a popular PHP-based web shell that is used by attackers to gain unauthorized access and control over web servers. Like many web shells, it provides a range of functionalities that allow attackers to interact with the compromised server. b374k shell key features: Here are some key characteristics and features of the …

FilesMan

PHP backdoors are server-side malicious scripts. Typical examples of such backdoors are various File Managers, Web Shells, Command Shells, tools for bypassing admin login, or various single-purpose scripts allowing the attacker to upload and run other types of malicious scripts. The payload is PHP-based, thus intended for server-side use, and the payload is executed …