Hackers are exploiting outdated versions of WordPress and Plug-ins to change thousands of sites in an effort to fool visitors to download and install malware, they have found security researchers.
The hacking campaign is still “very vibrant”, said TechCrunch Simon Wijckmans, founder and chief executive of Web Security Company C/Side, who discovered the attacks on Techcrunch on Tuesday.
The goal of hackers is to spread malware capable of stealing passwords and other personal information from both Windows users and Mac users. Some of the twin websites are classified among the most popular sites on the internet, according to C/side.
“This is a widespread and very commercial attack,” wrote Himanshu Anand, who wrote up to the company’s findingssaid to TechCrunch. Anand said the campaign is a “spray and payment” attack that aims to endanger anyone who visits these sites instead of targeting a specific person or group of people.
When WordPress sites load on the browser, the content changes quickly to display a fake update page of the Chrome browser, asking the site visitor to download and install an update to see the site, according to researchers. If a visitor accepts the update, the hacked site will ask the visitor to download a specific malicious file disguised as an update, depending on whether the visitor is on a Windows or Mac computer.
Wijckmans said they warned Automattic, the company that is being developed and distributed WordPress.com about the hacking campaign and sent them the list of malicious sectors and that their contact to the company recognized their email receipt.
When TechCrunch arrived before the publication, Megan Fox, a spokesman for Automattic, did not comment.
The C/Side said it identified over 10,000 sites that appear to have been downgraded as part of this hacking campaign. Wijckmans said the company detected malicious scenarios in various areas by detecting the internet and performing a reverse DNS search, a technique for finding areas and sites associated with a particular IP address, which revealed more areas that host malicious scenarios .
TechCrunch was unable to confirm the accuracy of C/Side data, but we saw a WordPress website that still showed the malicious content on Tuesday.
From WordPress to Infostealing Malware
The two types of malicious software pushed into the malicious sites are known as Amos (or Amos Atomic Stealer), which targets MacOS users. and SoCGholish, which targets Windows users.
In May 2023, the company Cybersecurity Sentinelone posted a report In Amos, the sorting of malicious software as Infostealer, a type of malware designed to infect computers and steal like many usernames and passwords, periods cookies, cryptographic wallets and other sensitive data that allows hackers to enter further to the victim’s accounts and steal the digital currency. Discovered CYBERSECURITY CYBLE CYBLE At a time when he had found that hackers were selling access to malicious Amos software in Telegram.
Patrick Wardle, MacOS security expert and co-founder of the start-up of CYBERSECEUITY Doubleyou, concentrated on Apple, told TechCrunch that AMOS is “definitively the most productive thief in Macos” and was created with the business model Malware-A-A-Service, which That is, it means developers and malicious software owners to sell it to hackers who then develop it.
Wardle also noted that for someone to successfully install the malicious file found by the c/side “the user must run it by hand and pass through many wreaths to bypass Apple’s built -in security”.
Although this may not be the most advanced hacking campaign, as hackers are based on their goals to fall on the false update page and then install malware, this is a good reminder to update your Chrome browser Through the built -in software update update and install only reliable applications on your personal devices.
Malware with passwords and theft of credentials have been accused of some of the largest data violations and violations in history. In 2024, hackers were massively added the accounts of corporate giants who hosted their sensitive data with cloud computing giant snowflakes using passwords stolen from Snowflake customer workers.
