Threats Tagged 'joomla'
View all threats tagged with 'joomla'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'joomla'
Click on any threat for detailed analysis and mitigation recommendations
Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors 0 A compromised Joomla website displayed suspicious product links unrelated to the business. Investigation revealed heavily obfuscated PHP code injected at the top of index.php that contacted external command-and-control servers to receive instructions and manipulate content. The malware acts as a remote loader, assembling strings from two-character chunks to evade signature-based detection. It contacts primary C2 cdn.erpsaz.com and fallback cdn.saholerp.com, sending server fingerprint data and receiving dynamic instructions. Based on responses, it redirects visitors, injects spam content, or serves fake SEO pages to search engines. This approach allows attackers to control compromised sites remotely without modifying local files again, enabling dynamic spam injection, visitor redirection, and search engine manipulation while remaining undetected for extended periods. Join the discussion | AlienVault OTX General | 04/17/2026, 08:35:52 UTC Added: 04/17/2026, 10:31:53 UTC |
Showing 1 to 1 of 1 result