On Thursday, Google’s Safe Browsing service began warning visitors to php.net that the website was discovered serving malware. Initially, most people and PHP maintainers thought that it was a false positive, but subsequent investigation confirmed that some of the project’s servers did get compromised.
The hackers succeeded in injecting malicious JavaScript code (userprefs.js) in four of the site’s pages. When visitors landed on them, the code allowed for automatic detection of vulnerable plug-ins, and the serving of malicious SWF files. It’s interesting to note that only desktop browser users were targeted – those who visited the compromised pages with a mobile browser were safe.
Barracuda Networks researchers managed to get their hands on a packet capture file, and provided it to other researchers for analysis. Kaspersky Lab’s Fabio Assolini noted that the malicious iFrame pointed to the Magnitude Exploit Kit and dropped a variant of the Tepfer information-stealing Trojan with a low AV detection rate.
SOURCE: net-security.org
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…