Backdoor Shell Dropper Deploys CMS-Specific Malware

A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and execute whatever commands they want.

Another common scenario includes malware which is directly injected into a website’s files and used to redirect traffic, steal credit cards and other sensitive information, hijack resources to mine for cryptocurrencies, or even serve unwanted ads.

In this case, the attacker uploaded what we suspect to be a malicious Turkish dropper — the code comments include the Turkish language which, when translated, indicates intent to inject additional pieces of malware on the site.

Continue reading Backdoor Shell Dropper Deploys CMS-Specific Malware at Sucuri Blog.