Connect with us

Black Hat Tactics

Whitespace Steganography Conceals Web Shell in PHP Malware

Published

on

Whitespace Steganography Conceals Web Shell in PHP Malware



Whitespace Steganography Conceals Web Shell in PHP Malware

Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files.

At first glance, these injections didn’t appear to contain anything except for some benign CSS rules. A more thorough analysis of the .CSS file revealed 56,964 seemingly empty lines containing combinations of invisible tab (0x09), space (0x20), and line feed (0x0A) characters, which were converted to binary representation of characters and then to the text of an executable JavaScript code.

Continue reading Whitespace Steganography Conceals Web Shell in PHP Malware at Sucuri Blog.



Source link

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.