In a troubling development for web security, researchers from c/side, a cybersecurity firm, have uncovered a widespread campaign targeting WordPress sites. The operation has seen thousands of these sites hijacked to disseminate info-stealing malware, primarily by exploiting outdated versions of WordPress and its plugins. This alarming trend highlights the vulnerabilities that can arise when website maintenance is neglected.
The scale of this attack is significant, with over 10,000 compromised sites identified. Dubbed a “spray and pay” style assault, the campaign indiscriminately targets anyone who visits these infected sites, rather than singling out specific individuals. Upon visiting a compromised site, users are met with a deceptive imitation of a Chrome browser page, which prompts them to download an update to continue viewing the content. Unfortunately, this so-called update is a malicious file designed to harvest personal information, including passwords.
The malware at play includes two notable strains: Atomic Stealer, which targets macOS users, and SocGholish, aimed at Windows systems. Atomic Stealer is particularly insidious, functioning as an infostealer that infiltrates computers to extract sensitive data such as usernames, passwords, session cookies, and even cryptocurrency wallets. Its appeal lies in a malware-as-a-service model, allowing hackers to pay a subscription fee to utilize it in their own nefarious activities. However, the malware can only be installed if users are manipulated into bypassing their system's built-in security measures themselves.
How to stay safe
To safeguard against such threats, users are advised to adhere to several best practices:
- Exercise caution when downloading: Always verify the source and necessity of any download. Legitimate websites should never require downloads to access their content.
- Keep software updated: Regularly update your browser and antivirus software to ensure your system remains fortified against emerging threats.
- Utilize password managers: Employ a reputable password manager to create and securely store complex passwords, enhancing your personal information security.
- Consider identity theft protection: Services like Norton LifeLock can provide an additional layer of security, while monitoring your credit card statements and reports can help catch any suspicious activity early.
By staying vigilant and informed, users can better protect themselves from the growing threat of malware and cyberattacks.