Published on 08/07/2020 – Last Updated on 08/07/2020 by OTC
When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents.
In this malware dropper file we recently found on a compromised website, the attacker chose to create a user-defined PHP function getFile to accomplish the same task as file_put_contents.
Comments