Security researchers have discovered that hackers are leveraging outdated versions of WordPress and its plugins to manipulate thousands of websites, aiming to deceive visitors into downloading malware.
Simon Wijckmans, the CEO of web security firm c/side, informed TechCrunch that the hacking campaign is still very active. The attackers’ main objective is to disseminate malware that can steal passwords and other personal data from both Windows and Mac users. Some of these compromised websites rank among the internet’s most frequented.
According to Himanshu Anand of c/side, who documented the findings, this operation adopts a “spray and pray” approach, indiscriminately targeting visitors of these websites instead of specific individuals or groups. Once a visitor accesses a hacked WordPress site, the page swiftly shifts to a fake Chrome update prompt, tricking users into downloading a malicious file under the guise of a browser update.
Platform Response
Upon discovering these activities, Wijckmans contacted Automattic, the organization behind WordPress.com, and provided them with a list of domains involved in the campaign. Although Automattic did not initially comment on the issue, they later emphasized that the security of third-party plugins is the responsibility of the plugin developers themselves.
c/side identified over 10,000 websites that seemed to be part of this malicious campaign. They detected these through internet crawling and reverse DNS lookups, which helped them pinpoint additional domains hosting the harmful scripts.
The attackers push two types of malware: Amos, targeting macOS users, and SocGholish, targeting Windows users. These malware variants are designed to steal a wide range of sensitive information, enabling further unauthorized access to victims’ digital assets.
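The campaign described above works by serving a script from an attacker-controlled domain inside the HTML of an otherwise legitimate WordPress page. A site owner can catch that class of injection by inventorying every third-party script host a page loads and comparing it against the short list of hosts the site is expected to use. The following is an added example of that check, not code from c/side or from the article; the sample page, the site host `www.example.com`, the allowlist and the `injected-script.invalid` domain are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import urllib.request


class ScriptSourceCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value)


def external_script_hosts(html, site_host):
    """Return the set of hosts, other than the site itself, that the page loads scripts from.

    Relative paths (e.g. /wp-includes/js/...) have no host and are same-origin, so they
    are skipped; protocol-relative URLs (//cdn.example/x.js) still yield a host.
    """
    parser = ScriptSourceCollector()
    parser.feed(html)
    hosts = set()
    for src in parser.sources:
        host = urlparse(src.strip()).netloc.lower()
        if not host or host == site_host.lower():
            continue
        hosts.add(host)
    return hosts


def flag_unexpected_hosts(html, site_host, allowlist):
    """Hosts serving scripts to this page that are not on the site's allowlist."""
    allowed = {h.lower() for h in allowlist}
    return sorted(h for h in external_script_hosts(html, site_host) if h not in allowed)


def fetch_and_scan(url, allowlist):
    """Fetch a live page and run the same check (network access required)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        html = resp.read().decode("utf-8", errors="replace")
    return flag_unexpected_hosts(html, urlparse(url).netloc, allowlist)


# Constructed sample page: two same-origin scripts, one expected third-party
# script, and one injected script from a placeholder attacker domain.
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://www.example.com/wp-content/plugins/demo-plugin/js/app.js"></script>
<script src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
<script type="text/javascript" src="//injected-script.invalid/update.js"></script>
</head><body><p>Welcome</p></body></html>
"""

# Hosts this site legitimately loads scripts from (constructed for the example).
ALLOWED_SCRIPT_HOSTS = {"www.googletagmanager.com"}


if __name__ == "__main__":
    for host in flag_unexpected_hosts(SAMPLE_HTML, "www.example.com", ALLOWED_SCRIPT_HOSTS):
        print("unexpected script host:", host)
```

Run against a site's own pages on a schedule and alert on any host that is not already on the allowlist; a new, unfamiliar host appearing in the output is the kind of signal that would have surfaced the injected loader in this campaign before visitors saw the fake update prompt. Inline scripts without a `src` are not covered here and need a separate content check.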
What The Author Thinks
This recent surge in WordPress site compromises serves as a stark reminder of the continuous need for vigilance and updated security measures in the digital realm. Users and web administrators alike must stay informed about the latest security practices and ensure their systems and software are up-to-date to fend off such invasive attacks. Regular audits, adherence to security best practices, and user education about the dangers of unsolicited downloads are essential steps in safeguarding personal and organizational data from increasingly sophisticated cyber threats.