Code Comments Reveal SCP-173 Malware
We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for example, a short description of a feature or functionality for other developers to reference.
Oftentimes, hackers aren’t interested in leaving comments describing how their injected malware works. Instead, they use code comments to add unique identifiers to reference aliases, quotes, threat groups, or sometimes even memes. Unlike defacements, these code comments aren’t intended to be displayed on the infected website and can easily go unnoticed.