Unwanted Ads via Baidu Links

The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.
Some of the changes were documented asUpdates at the bottom of the original blog post, however, every week we see minor modifications in the way they obfuscate the scripts or the files they inject them into.
Encrypted WordPress JavaScript Files
At this moment, the most common injection targets are core WordPress JavaScript files:
wp-includes/js/jquery/jquery-migrate.min.js
wp-includes/js/jquery/jquery.js
wp-includes/js/wp-embed.min.js
Hackers add the malicious code and then obfuscate the entire file contents along with the original legitimate code so that the only way to clean the files without breaking the site functionality is to replace them with their original clean copies.
Continue reading Unwanted Ads via Baidu Links at Sucuri Blog.

Link: http://feedproxy.google.com/~r/sucuri/blog/~3/nQPyFMoT6gw/unwanted-ads-via-baidu-links.html

libsodium – Easy-to-use Software Library For Encryption

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.

Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. Sodium supports a variety of compilers and operating systems, including Windows (with MingW or Visual Studio, x86 and x64), iOS, Android, as well as Javascript and Webassembly.
Read the rest of libsodium – Easy-to-use Software Library For Encryption now! Only available at Darknet.

Link: https://www.darknet.org.uk/2018/03/libsodium-easy-to-use-software-library-for-encryption/

Encrypting a second hard drive

Open GParted and delete all partitions on the disk you want to encrypt Encrypt the partition sudo cryptsetup -y -v luksFormat /dev/sda Decrypt the new partition so that you can format it with ext4 sudo cryptsetup luksOpen /dev/sda sda_crypt sudo mkfs.ext4 /dev/mapper/sda_crypt Mount your new encrypted partition sudo mount /dev/mapper/sda_crypt / Automatically mount and decrypt …

Link: http://securityblog.gr/4498/encrypting-a-second-hard-drive/

Malicious Website Cryptominers from GitHub. Part 2.

Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for serving malicious code.
Encrypted CoinHive Miner in Header.php
The following encrypted malware was found in the header.php file of the active WordPress theme:
There are four lines of code in total. Each, when decoded, plays a different role.
CoinHive Injections
When decoded, the last two lines inject typical CoinHive cryptocurrency miners:

The miner is only shown conditionally, so bots are excluded and only human visitors will receive it.
Continue reading Malicious Website Cryptominers from GitHub. Part 2. at Sucuri Blog.

Link: https://blog.sucuri.net/2018/01/malicious-cryptominers-from-github-part-2.html