- Researchers discover 10,000 compromised WordPress sites
- The sites were injected with malicious JavaScript code
- The objective was to deliver infostealers to the victims
Ten thousand WordPress websites were used to deliver infostealing malware to victims running Windows and macOS devices, experts warned.
A report from c/side cybersecurity researchers says that a threat actor probably compromised different WordPress sites running an old version of the platform (6.7.1) and, with it, an older and obsolete plugin. Once the sites are breached, the attackers deploy malicious JavaScript code, which generates a fake page in an iframe and shows it to visitors.
When a victim visits one of these sites, they see an overlay page stating that they must update their browser to view the page's content. However, instead of downloading a patch, the victims get either Atomic (alias AMOS, a popular infostealer for macOS) or SocGholish (fundamentally the same thing, just for Windows).
Stealing sensitive files
These infostealers grab all kinds of sensitive information from the target endpoint: passwords stored in the browser, session cookies, cryptocurrency wallet information and other potentially sensitive files.
Defense against these attacks requires web administrators to keep their sites up to date.
The WordPress website builder platform, to start, should be upgraded to version 6.7, published in mid-November 2024. Administrators should then go through all the themes and plugins they installed and delete every one they don't use. The others should also be updated.
Finally, administrators should look for malicious scripts and delete them. c/side says the attackers leave a backdoor most of the time, so they can return easily if necessary. If administrators find traces of compromise, they should also examine the logs of the last 90 days to identify the type of malicious activity.