Thousands of WordPress sites hijacked to spread Windows and Mac malware - how to stay safe
Info-stealing malware is being embedded in popular websites running WordPress
Thousands of WordPress sites have been hijacked to distribute info-stealing malware, according to security researchers at cybersecurity company c/side. By exploiting outdated versions of WordPress and plug-ins, hackers have taken over these vulnerable sites and then used them to trick visitors into downloading and installing malware, which is then used to steal personal information.
Due to its sheer scope and size, the campaign is being described as a “spray and pay” style attack: it aims to compromise anyone who visits one of these compromised sites rather than targeting anyone specifically. When a victim visits any one of the more than 10,000 sites that c/side has identified as compromised by the malware, the page quickly changes its content to a fake Chrome browser page.
The fake Chrome page then requests that the visitor download and install an update in order to view the website. A visitor who installs the update is actually downloading a malicious file that is capable of stealing passwords and other information. The two malware strains used here are Atomic Stealer, which is the macOS version, and SocGholish, which is the version that targets Windows users.
Atomic Stealer has been classified as an infostealer, which infects computers to steal usernames, passwords, session cookies, crypto wallets and other sensitive data. One of the reasons this particular infostealer is being used in this campaign and others like it is that it employs a malware-as-a-service model, where hackers pay its creators a monthly fee to deploy it in their own attacks. However, in order for it to be successfully installed, the user has to manually run it and bypass Apple’s built-in security, which means they first have to fall for a hacker's tricks.
How to stay safe
First off, never download anything unless you know what it is and why you need to download it. No website should ever require you to download anything in order to view a webpage.
Secondly, always make sure that you keep your browser and your antivirus program up to date with the latest patches and fixes so that your system (be it Mac or PC) is always protected. You want to make sure that you have the best antivirus protection available, just in case any mistakes happen or anything sneaks by you. Some security suites also offer features like a VPN or a hardened browser for extra protection.
Lastly, make sure you protect your personal information by using one of the best password managers to safely create and store all of your credentials. You can also protect your personal information further by signing up for one of the best identity theft protection services like Norton LifeLock, as well as making sure to keep an eye on your credit card reports and other statements on annualcreditreport.com.
Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.