Sign1 Malware: Analysis, Campaign History & Indicators of Compromise

A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss with the website it was difficult to reproduce the issue. However, by inspecting our server side scanner logs we were able to locate the source of the unwanted behavior — and it turned out to be a remarkably interesting JavaScript injection related to a massive malware campaign that we internally call Sign1.

Continue reading Sign1 …

analysis campaign clear client compromise history indicators indicators of compromise issue locate logs malware pop random reporting scanner server server side the source ups website website malware infections wordpress security