PHP Malware Disguised as IonCube Scripts

Malware has been observed that has been disguised to appear almost identical to legitimate scripts produced by the ionCube PHP encoder. When executed on a web server running PHP, the malware runs remotely-supplied code which allows a remote attacker access to and control over the system. Over 700 websites have been identified as infected.

The ionCube fakes are similar in appearance to legitimate ionCube files.

Further technical details can be found here.

Affected Platforms:

  • Web servers running PHP

Leave a Reply