A large-scale phishing campaign has emerged, targeting WooCommerce users with sophisticated fake security alerts urging them to download critical updates, which instead install backdoors. Patchstack, a WordPress security company, connects this activity to a similar campaign seen in December 2023 that utilized a fake CVE approach. The campaign exploits a non-existent vulnerability and directs victims to a phishing site disguised as WooCommerce, misleading them into downloading malicious software that grants unauthorized access to their websites.
Cybersecurity experts report a large-scale phishing attack against WooCommerce users, using fake security alerts to deploy backdoors under the guise of critical patches.
The phishing emails contain false claims about non-existent vulnerabilities, luring victims to spoofed websites that mimic legitimate platforms.
Collection
[
|
...
]