Malware basics: Analyzing a possible malware inside a Chrome extension


Today I came across a website with a sadly familiar problem. It had been attacked for malvertising. The curious thing is that the attacker has successfully hijacked the site so that it redirects (sometimes) to a site that tries to “convince” you to install a Chrome extension that asks for permission to modify the content of all the sites that you visit. This is the analysis of the problem.


WordPress XML-RPC Based Attacks


If you inspect the source code of WordPress, you will easily notice that there is a file in the root of the installation called xmlrpc.php. RPC stands for Remote Procedure Call, and the file exposes an API that can be consumed by external agents, using XML to format data and HTTP to transfer it. It is the basis of the more modern SOAP protocol.
