Question
-
Topic
-
Linux Maldet Scan finding malware in favicon.ico files – Joomla 3.8.6
LockedI’m wondering if anyone has experienced this kind of malware and knows how it may be occurring.
Our nightly maldet scans are finding 2-4 favicon.ico files with malware, only these favicon.ico files are not where they should be in the file structure.
Example maldet scan:
HOST : –cleared-out–
SCAN ID : 180412-0331.27527
STARTED : Apr 12 2018 03 :31 :19 -0500
COMPLETED : Apr 12 2018 03 :32 :17 -0500
ELAPSED : 58s [find : 1s]PATH :
RANGE : 1 days
TOTAL FILES : 1292
TOTAL HITS : 2
TOTAL CLEANED : 0FILE HIT LIST :
{HEX}php.base64.v23au.186 : /var/www/vhosts/–clered-out–/httpdocs/plugins/system/admintools/favicon_b5187e.ico => /usr/local/maldetect/quarantine/favicon_b5187e.ico.2409932083
{HEX}php.base64.v23au.186 : /var/www/vhosts/–cleared-out–/httpdocs/libraries/src/Environment/favicon_cc89b9.ico => /usr/local/maldetect/quarantine/favicon_cc89b9.ico.279812132
===============================================
Linux Malware Detect v1.6.2 < proj@rfxn.com >Any help would be appreciated.