
"Researchers at Rapid7 say the scheme works by injecting malicious code into compromised sites, which then serve visitors a convincing fake Cloudflare CAPTCHA page. Instead of simply proving you're not a robot, the prompt instructs users to copy and run a command on their machine - a step that ultimately triggers the download of credential-stealing malware."
"The trick works because the attack starts on websites that otherwise look perfectly legitimate. Visitors think they're just clearing yet another Cloudflare bot check - the sort that litters the modern web - when in fact they're being talked through the first step of infecting their own machine."
"The large-scale execution of the compromise across completely unrelated WordPress instances suggests a high level of automation by the threat actor and is likely part of an organized long-term criminal effort."
Cybercriminals have compromised numerous legitimate WordPress websites, including a US Senate candidate's official webpage, as part of a coordinated infostealer operation. The attack injects malicious code that displays a convincing fake Cloudflare CAPTCHA verification page to visitors. Rather than simply proving they're human, users are instructed to copy and execute a command on their machine, which triggers the download of credential-stealing malware. This technique follows the ClickFix social engineering playbook, in which victims unknowingly infect their own systems while believing they're completing a routine security verification. The widespread compromise across unrelated WordPress instances indicates automated, large-scale attacks by organized criminals. Once executed, the infostealer malware quietly harvests sensitive data, including browser-stored credentials, from infected machines.
#wordpress-security #infostealer-malware #social-engineering #credential-theft #automated-cyber-attacks
Read at Theregister