PHP Malware Disguised as IonCube Scripts

Malware has been observed that has been disguised to appear almost identical to legitimate scripts produced by the ionCube PHP encoder. When executed on a web server running PHP, the malware runs remotely-supplied code which allows a remote attacker access to and control over the system. Over 700 websites have been identified as infected.

The ionCube fakes are similar in appearance to legitimate ionCube files.

Further technical details can be found here.

Affected Platforms:

  • Web servers running PHP

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.