New Malware Uses PHP Variable Functions and Cookies to Evade Detection
Category:Threats / Web Security
A sophisticated malware campaign has been detected targeting WordPress sites using PHP variable functions and cookie-based obfuscation. The malware fragments code across cookies, reconstructing executable functions at runtime, enabling stealth execution and persistent backdoor control across 30,000+ infections.
CORTEX Protocol Intelligence Assessment
Business Impact: Widespread compromise of web applications poses data integrity and reputational risks. Technical Context: Uses PHP variable functions and cookie-based payload assembly to evade static analysis.
Strategic Intelligence Guidance
- Scan web servers for abnormal cookie activity and encoded payloads.
- Deploy runtime web integrity monitoring for PHP environments.
- Update WAF signatures to detect multi-cookie obfuscation.
- Isolate compromised CMS instances and reset credentials.
Vendors
Threats
Targets
Impact
Data Volume:30,000+ sites
Intelligence Source: New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts | Oct 25, 2025