In the past few months, Quttera malware researchers encounter a significant rise in website defacements by hackers. Government websites, among the others, were under such cyber-attack and thus getting a lot of attention and concern from the public. Interesting fact that, in some cases, hacker groups used defacement as their "cyber branding". The number of such sites being defaced is then used as a global ranking of a responsible hacker group.
This post is about a website we have come across while removing the malware from the ThreatSign client website. At the first glance the code looked as some sort of clipboard for pasting information that can be retrieved anytime you want. We scour this online tool to check for any useful information just to discover that it is a, recently updated, hacker collection tool. Further investigation of this piece of malware revealed that website defacement can be as simple as clicking a button.

One of the recently updated codes was a PHP script and we can't believe that it has an automated defacer:

And with just one click of a button, your site is defaced:

In the image below you can see that this tool is then connects to another website to pass it the information about compromised website that has been defaced and adds it to the hacker group rankings:

To make long story short, this web malware appeared to be a reach-featured tool that cyber criminals using to control the attacked site. It even has its own investigation system. E.g. the code below will get the configuration of the target site:

If you suspect that your website was infected with malware, Quttera experts are always happy to clean it for you and help to prevent it - Malware Monitoring & Cleanup Plans For Websites