Hackers are exploiting outdated versions of WordPress and its plugins to alter thousands of websites in an attempt to trick visitors into downloading and installing malware, security researchers have found.
The hacking campaign is still “very much live,” Simon Wijckmans, the founder and CEO of web security company c/side, who discovered the attacks, told TechCrunch on Tuesday.
The hackers' goal is to spread malware that can steal passwords and other personal information from both Windows and Mac users. According to c/side, some of the hacked websites are among the most popular sites on the internet.
“This is a widespread and highly commercialized attack,” Himanshu Anand, who wrote up the company's findings, told TechCrunch. Anand said the campaign is a “spray and pray” attack that aims to compromise anyone who visits these websites rather than targeting a specific person or group of people.
When a hacked WordPress site loads in a visitor's browser, the page content quickly changes to display a fake Chrome browser update page, which asks the visitor to download and install an update in order to view the website, the researchers said. If the visitor accepts the update, the hacked website prompts them to download a malicious file posing as the update; which file is served depends on whether the visitor is on a Windows PC or a Mac.
Wijckmans said he notified Automattic, the company that develops and distributes WordPress, about the hacking campaign and sent it the list of malicious domains, and that his contact at the company acknowledged receipt of his email.
Reached by TechCrunch prior to publication, Automattic spokesperson Megan Fox did not comment.
C/side said it identified more than 10,000 websites that appear to have been compromised as part of this hacking campaign. Wijckmans said the company detected the malicious scripts on several domains by crawling the internet and then performing reverse DNS lookups, a technique for finding the domains and websites associated with a given IP address, which revealed more domains hosting the same malicious scripts.
TechCrunch could not confirm the accuracy of c/side's figures, but we saw a hacked WordPress website that was still displaying the malicious content on Tuesday.
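As an added example (not c/side's tooling and not taken from the report described above), here is a small Python triage script a site owner could run over a saved copy of one of their pages to surface the two things the article describes: script tags loaded from hosts the site is not expected to use, and inline scripts that sniff the visitor's platform and talk about a browser update or an installer file. The sample page, the site host blog.example.invalid and the injected-script host cdn.example.invalid are constructed for the illustration (.invalid is a reserved TLD), and the keyword heuristics are assumptions for the example, not indicators from the campaign.

```python
"""Triage a page's <script> tags for signs of an injected fake-update loader.

Added example; not c/side's tooling. The sample page and every host name in it
are constructed for this illustration ('.invalid' is a reserved TLD).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is expected to load scripts from (assumption for the example).
SITE_HOST = "blog.example.invalid"
ALLOWED_SCRIPT_HOSTS = {SITE_HOST}

# Heuristics (assumptions, not campaign indicators): an inline script that both
# sniffs the visitor's platform and mentions a browser update or an installer.
PLATFORM_SNIFF = re.compile(r"navigator\.(platform|userAgent|appVersion)", re.I)
UPDATE_LURE = re.compile(r"(chrome|browser)\s*update|\.(dmg|pkg|msi|exe)\b", re.I)


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of <script src=...>
        self.inline = []        # bodies of <script>...</script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def triage_page(html, site_host=SITE_HOST, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (kind, detail) findings: unexpected script hosts and lure-like inline scripts."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).netloc.lower()
        # Relative URLs (empty netloc) are served by the site itself.
        if host and host != site_host and host not in allowed_hosts:
            findings.append(("unexpected_script_host", host))
    for body in parser.inline:
        if PLATFORM_SNIFF.search(body) and UPDATE_LURE.search(body):
            findings.append(("fake_update_lure", " ".join(body.split())[:60]))
    return findings


# Constructed sample: one legitimate relative script, one script from an
# unexpected host, and an inline OS-sniffing lure.
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.example.invalid/loader.js"></script>
</head><body>
<script>
var ua = navigator.userAgent;
var file = /Mac/.test(ua) ? "Update.dmg" : "ChromeSetup.exe";
document.title = "Chrome update required";
</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in triage_page(SAMPLE_PAGE):
        print(kind, detail)
```

Save the live page with `curl -s https://yoursite/ > page.html` and pass its contents to `triage_page`. Any hit on `unexpected_script_host` is worth checking against the theme and plugins that are supposed to be installed; the inline-script heuristic is deliberately loose and only serves to rank pages for manual review.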
From WordPress to infostealer malware
The two types of malware being pushed by the compromised websites are known as Amos (or Amos Atomic Stealer), which targets macOS users, and SocGholish, which targets Windows users.
In May 2023, cybersecurity firm SentinelOne published a report on Amos, classifying the malware as an infostealer, a kind of malware designed to infect computers and steal as many usernames and passwords, session cookies, crypto wallets and other sensitive data as it can, so that the hackers can break further into the victim's accounts and steal their digital currency. Cybersecurity firm Cyble reported at the time that it had found hackers selling access to the Amos malware on Telegram.
Patrick Wardle, a macOS security expert and co-founder of Apple-focused cybersecurity startup DoubleYou, told TechCrunch that Amos is “definitely the most prolific stealer on macOS” and was built on the malware-as-a-service model, meaning the developers and owners of the malware sell it to the hackers who then deploy it.
Wardle also noted that for someone on macOS to successfully run the malicious file found by c/side, “the user still has to run it manually and jump through many hoops to bypass Apple's built-in security.”
Although this may not be the most sophisticated hacking campaign, given that the hackers rely on their targets falling for the fake update page and then installing the malware themselves, it is a good reminder to update your Chrome browser via its built-in software update feature and to install only trusted apps on your personal devices.
Password-stealing malware and the theft of credentials are blamed for some of the biggest hacks and data breaches in history. In 2024, hackers broke into the accounts of corporate giants that hosted their sensitive data with cloud computing giant Snowflake, using passwords stolen from the computers of Snowflake's customers.