Hackers are exploiting outdated versions of WordPress and its plugins to alter thousands of websites in an effort to trick visitors into downloading and installing malware, security researchers have discovered.
The hacking campaign is still “very live,” Simon Wijckmans, founder and CEO of the web security company c/side, which discovered the attacks, told TechCrunch on Tuesday.
The hackers’ goal is to spread malware capable of stealing passwords and other personal information from Windows and Mac users. Some of the hacked websites are among the most popular sites on the web, according to c/side.
“This is a widespread and highly commercialized attack,” Himanshu Anand, who authored the company’s findings, told TechCrunch. Anand said the campaign is a “spray and pray” attack that aims to compromise anyone visiting these websites rather than targeting a specific person or group of people.
When the hacked WordPress pages load in a visitor’s browser, the content quickly changes to display a fake Chrome browser update page, demanding that the visitor download and install an update in order to view the site, the researchers found. If the visitor accepts the update, the hacked website prompts them to download a malicious file disguised as the update, chosen according to whether the visitor is on a Windows PC or a Mac.
Wijckmans said they alerted Automattic, the company that develops and distributes WordPress, to the hacking campaign and sent it a list of malicious domains, and that their contact at the company acknowledged their email.
When reached by TechCrunch prior to publication, Automattic spokesperson Megan Fox did not comment.
c/side said it identified over 10,000 websites that appear to have been compromised as part of this hacking campaign. Wijckmans said the company discovered the malicious scripts on several domains by crawling the web and by performing reverse DNS lookups, a technique for finding the domains and websites linked to a given IP address, which turned up many more domains suspected of hosting the malicious scripts.
TechCrunch cannot confirm the accuracy of c/side’s figures, but we saw a hacked WordPress website that was still displaying the malicious content on Tuesday.
From WordPress to infostealing malware
The two types of malware being pushed by the hacked websites are known as Amos (or Atomic Stealer), which targets macOS users, and SocGholish, which targets Windows users.
In May 2023, the security firm SentinelOne published a report on Amos, classifying the malware as an infostealer, a type of malware designed to infect computers and steal as many usernames and passwords, session cookies, cryptocurrency wallets and other sensitive data as it can, allowing hackers to break further into the victim’s accounts and steal their digital coins. Security firm Cyble reported at the time that it had found hackers selling access to the Amos malware on Telegram.
Patrick Wardle, a macOS security expert and co-founder of a security startup, told TechCrunch that AMOS is “by far the most prolific stealer on macOS,” and was built on the malware-as-a-service business model, meaning the malware’s developers and owners sell it to the hackers who then deploy it.
Wardle also pointed out that for someone to successfully install the malicious file found by c/side, “the user still has to execute it by hand, and jump through many hoops to bypass Apple’s built-in security.”
While this may not be the most advanced hacking campaign, given that the hackers rely on their targets falling for the fake update page and then installing the malware themselves, it is a good reminder to update your Chrome browser through its built-in software update feature and to install only trusted applications on your personal devices.
Password-stealing and credential-theft malware has been blamed for some of the biggest data breaches in history. In 2024, hackers carried out mass attacks on corporate giants’ accounts holding their sensitive data at cloud computing giant Snowflake, using passwords stolen from Snowflake customers’ employees.