Over 6,000 WordPress Sites Hacked to Install Plugins Pushing Infostealers

More than 6,000 WordPress websites have been hacked to install malicious plugins that push information-stealing malware, according to a new report by GoDaddy and security researcher Denis Sinegubko. The campaign, known as ClearFake and ClickFix, displays fake software updates and error messages to trick users into installing malware.

ClearFake, active since 2023, initially used fake browser update banners to distribute infostealers. In 2024, a new variant called ClickFix emerged, masquerading as software error messages. These messages claim to offer fixes, which are actually PowerShell scripts that download malware onto victims’ devices. The campaign has become more common this year, with threat actors targeting Google Chrome, Facebook, Google Meet, and even CAPTCHA pages.

The threat actors behind ClickFix have breached WordPress sites by installing seemingly legitimate plugins with names resembling popular plugins, such as Wordfence Security Classic and LiteSpeed Cache. Once installed, these malicious plugins inject JavaScript into the websites, which then load further malicious scripts from Binance Smart Chain (BSC) smart contracts, displaying fake alerts.

The GoDaddy Security team notes that attackers likely gained access using stolen WordPress admin credentials obtained via brute-force attacks, phishing, or previous malware. Once inside, the attackers uploaded and installed the malicious plugins in an automated manner. The malware campaign remains ongoing, and WordPress administrators are urged to check their installed plugins and change passwords immediately if unknown plugins are found.
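One way an administrator could run the plugin check described above is sketched here as an added example, not code from GoDaddy or the report. It reads the standard `Plugin Name:` header from each directory under `wp-content/plugins` and flags anything that is not on the site's approved list, calling out names that closely resemble an approved plugin. The approved list, directory slugs, the "Acme Forms" and "Sample Gallery" plugins and the 0.75 similarity threshold are constructed assumptions.

```python
import difflib, re, tempfile
from pathlib import Path

# Modelled on the header line WordPress looks for in a plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def read_plugin_name(plugin_dir):
    """Return the Plugin Name header of the first top-level PHP file that has one."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        match = HEADER_RE.search(head)
        if match:
            return match.group(1).strip()
    return None

def audit_plugins(plugins_root, approved, threshold=0.75):
    """approved maps directory slug -> expected name; returns (slug, name, verdict) tuples."""
    findings = []
    for d in sorted(p for p in Path(plugins_root).iterdir() if p.is_dir()):
        name = read_plugin_name(d) or ""
        if approved.get(d.name) == name:
            continue  # slug and header both match the approved entry
        # Not approved as installed: does the name imitate something that is?
        close = [a for a in approved.values()
                 if difflib.SequenceMatcher(None, name.lower(), a.lower()).ratio() >= threshold]
        verdict = f"lookalike of '{close[0]}'" if close else "not on approved list"
        findings.append((d.name, name, verdict))
    return findings

def demo():
    # Constructed sample tree; slugs and the approved list are illustrative only.
    approved = {"wordfence": "Wordfence Security", "acme-forms": "Acme Forms"}
    installed = {"wordfence": "Wordfence Security", "acme-forms": "Acme Forms",
                 "wordfence-security-classic": "Wordfence Security Classic",
                 "sample-gallery": "Sample Gallery"}
    with tempfile.TemporaryDirectory() as root:
        for slug, name in installed.items():
            plugin_dir = Path(root, slug)
            plugin_dir.mkdir()
            (plugin_dir / f"{slug}.php").write_text(f"<?php\n/*\n * Plugin Name: {name}\n */\n")
        return audit_plugins(root, approved)

if __name__ == "__main__":
    for slug, name, verdict in demo():
        print(f"REVIEW {slug!r} ({name!r}): {verdict}")
```

A plugin that copies an approved name exactly but lives under a different directory is also reported as a lookalike, because approval requires both the slug and the header to match.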

 
