Hackers Target Vulnerable Websites
A large-scale malware attack is underway, as hackers exploit outdated WordPress versions and plugins to compromise thousands of websites. Belgian security firm C/side has raised the alarm about this widespread threat, which is affecting both high-profile and lesser-known websites. According to security experts, websites running outdated versions of WordPress or outdated plugins are particularly vulnerable to these attacks. Hackers are using these weaknesses to hijack sites and distribute malware to unsuspecting visitors.
Malicious Campaign Unveiled
The attack involves injecting a fake Chrome update page into compromised websites. When visitors load an infected website, the page prompts them to download and install a browser update in order to continue browsing the site. In reality, this so-called “update” is a disguised file that contains malicious software. The malware is tailored for both Windows and Mac users, with specific variants targeting each operating system. Windows users are infected with the SocGholish malware, while Mac users are targeted by the Amos (Amos Atomic Stealer) malware.
Both malware types are designed to steal sensitive information such as usernames, passwords, session cookies, and cryptocurrency wallets. The attack has been identified as an “info-stealer” campaign aimed at compromising personal data from affected users. Security experts have warned that these types of malware pose significant risks to individuals and organizations, especially those who may have saved sensitive data in their browsers or online accounts.
Scale of the Attack and Discovery Process
The scale of the attack is alarming, with C/side reporting that more than 10,000 websites, including some prominent ones, have already been compromised. The campaign is categorized as a “spray and pray” attack, meaning it targets anyone who visits the infected websites rather than focusing on specific individuals or groups. Researchers discovered the scope of the attack by crawling the internet for malicious scripts and performing reverse DNS lookups to identify more compromised domains linked to the same IP address.
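The discovery approach described above can be sketched for site owners and defenders as follows. This is an added example, not C/side's tooling: the page contents, hostnames, allowlist and the DNS table are all constructed sample data, and the function names are hypothetical. It extracts external script hosts from crawled pages, flags those not on an allowlist, and groups the affected sites by the IP address serving the unexpected script.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcParser(HTMLParser):
    """Collects the host of every external <script src=...> on a page."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src") or ""
        if src.startswith("//"):          # protocol-relative URL is external too
            src = "https:" + src
        host = urlparse(src).hostname     # None for relative (same-site) paths
        if host:
            self.hosts.add(host.lower())


def unexpected_script_hosts(site, html, allowlist):
    """Script hosts on the page that are neither the site itself nor allowlisted."""
    parser = ScriptSrcParser()
    parser.feed(html)
    own = {site, "www." + site}
    return {h for h in parser.hosts if h not in own and h not in allowlist}


def cluster_by_ip(pages, allowlist, resolve):
    """Map script-server IP -> sites loading an off-allowlist script from it."""
    clusters = defaultdict(set)
    for site, html in pages.items():
        for host in unexpected_script_hosts(site, html, allowlist):
            clusters[resolve.get(host, "unresolved")].add(site)
    return dict(clusters)


# Constructed sample data: documentation domains and TEST-NET addresses only.
ALLOWLIST = {"cdn.example.net"}
PAGES = {
    "blog-a.example": '<script src="/wp-includes/js/jquery.js"></script>'
                      '<script src="https://cdn.example.net/lib.js"></script>'
                      '<script src="https://updates-one.test/u.js"></script>',
    "shop-b.example": '<script src="//updates-two.test/check.js"></script>',
    "news-c.example": '<script src="https://cdn.example.net/lib.js"></script>',
}
DNS = {"updates-one.test": "203.0.113.7", "updates-two.test": "203.0.113.7"}

if __name__ == "__main__":
    for ip, sites in cluster_by_ip(PAGES, ALLOWLIST, DNS).items():
        print(ip, sorted(sites))
```

Two different script hostnames resolving to one address place both sites in the same cluster, which is the kind of link a shared-IP pivot surfaces.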
After uncovering the widespread infection, C/side alerted Automattic, the company behind WordPress, about the ongoing malware campaign. The security firm provided a list of affected websites to Automattic, which confirmed receipt of the report. Although no immediate fix has been issued, the exposure of the attack has drawn attention to the critical need for website owners to keep WordPress and its plugins updated to prevent further compromises.