Security researchers have uncovered an active hacking campaign that exploits outdated WordPress sites and their plugins, impacting over 10,000 websites. The campaign uses an approach dubbed 'spray and pray', targeting potential victims indiscriminately rather than singling out particular users. When a user visits a compromised site, a fake Chrome update page appears, pressuring them to download malware disguised as a browser update. The goal is to harvest sensitive information from both Windows and Mac users. Web security firm c/side alerted WordPress developers about these vulnerabilities, but Automattic has provided no official comment on the ongoing threat.
When the hacked WordPress sites load in a user's browser, the content quickly changes to display a fake Chrome browser update page, requesting the website visitor download and install an update in order to view the website.
c/side identified over 10,000 websites that appear to have been compromised as part of this hacking campaign, detecting the malicious scripts on several domains.
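A site owner can catch this kind of injection before visitors do by scanning their own pages for scripts that were not shipped with the site. The following is an added example, not code from c/side or WordPress: it flags `<script src>` tags loaded from hosts other than the site's own and inline scripts that overwrite the page body with browser-update wording, which is how the content swap described above is carried out. The host names and page content are constructed placeholders.

```python
# Added illustration (not c/side's or WordPress's code): flag scripts that do not
# belong to the site and inline scripts that swap the page body for an update lure.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
BODY_REWRITE = re.compile(r"document\.write|innerHTML\s*=", re.I)
LURE_WORDS = re.compile(r"update\s+(chrome|your\s+browser)|browser\s+update", re.I)

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True
                self.inline.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data  # script text may arrive in chunks

def scan_page(html, site_host):
    """Return findings for scripts from other hosts or body-rewriting lures."""
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.external:
        host = urlparse(src).hostname
        if host and host != site_host and not host.endswith("." + site_host):
            findings.append("third-party script: " + src)
    for code in p.inline:
        if BODY_REWRITE.search(code) and LURE_WORDS.search(code):
            findings.append("inline script replaces page with browser-update lure")
    return findings
# Constructed sample: one theme script plus an injected loader and lure (placeholder hosts).
SAMPLE = """<html><body><p>Welcome</p>
<script src="https://example-blog.test/wp-content/themes/t/app.js"></script>
<script src="https://cdn.placeholder-bad.test/loader.js"></script>
<script>document.body.innerHTML='<h1>Update Chrome to continue</h1>';</script>
</body></html>"""
```

Legitimate third-party hosts (a CDN or analytics provider the site actually uses) will also be reported, so the expected list of external hosts should be allowlisted before using this as a recurring check.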