Hackers Exploit Outdated WordPress Versions and Plugins in Widespread Malware Attack

Hackers Target Vulnerable Websites

A large-scale malware attack is underway, with hackers exploiting outdated WordPress versions and plugins to compromise thousands of websites. Belgian security firm C/side has raised the alarm about this widespread threat, which is affecting both high-profile and lesser-known websites. According to security experts, websites running outdated versions of WordPress or using outdated plugins are particularly vulnerable to these attacks. Hackers are using these weaknesses to hijack sites and distribute malware to unsuspecting visitors.

Malicious Campaign Unveiled

The attack involves injecting a fake Chrome update page into compromised websites. When visitors load an infected website, the page prompts them to download and install a browser update to continue browsing the site. In reality, this so-called “update” is a disguised file that contains malicious software. The malware is tailored for both Windows and Mac users, with specific variants targeting each operating system. Windows users are infected with the SocGholish malware, while Mac users are targeted by the Amos (Amos Atomic Stealer) malware.

Both malware types are designed to steal sensitive information such as usernames, passwords, session cookies, and cryptocurrency wallets. The attack has been identified as an “info-stealer” campaign that aims to compromise personal data from affected users. Security experts have warned that these types of malware pose significant risks to individuals and organizations, especially those who may have saved sensitive data in their browsers or online accounts.

Scale of the Attack and Discovery Process

The scale of the attack is alarming, with C/side reporting that more than 10,000 websites, including some prominent ones, have already been compromised. This malware campaign is categorized as a “spray and pray” attack, meaning it targets anyone who visits the infected websites rather than focusing on specific individuals or groups. Researchers discovered the scope of the attack by crawling the internet for malicious scripts and performing reverse DNS lookups to identify more compromised domains linked to the same IP address.

After uncovering the widespread infection, C/side alerted Automattic, the company behind WordPress, about the ongoing malware campaign. The security firm provided a list of affected websites to Automattic, which confirmed receipt of the report. Although no immediate fix has been issued, the exposure of the attack has brought attention to the critical need for website owners to maintain updated versions of WordPress and its plugins to prevent further compromises.
