
WordPress Sites Hijacked to Spread Malware on Windows & Mac
Hackers Exploiting WordPress Sites to Spread Malware on Windows and Mac
Cybercriminals are actively targeting outdated WordPress installations and vulnerable plugins, hijacking thousands of websites to distribute malware to Windows and macOS users. Security experts warn that this widespread campaign poses a serious threat to unsuspecting visitors.
Massive Exploitation of WordPress Websites
According to cybersecurity firm c/side, hackers are using compromised WordPress sites to deploy malware designed to steal passwords, financial credentials, and other sensitive information. Many of the infected websites rank among the most visited on the internet, increasing the risk of exposure for users worldwide.
“This is a highly commercialized attack that casts a wide net,” said Himanshu Anand, a researcher at c/side. He explained that attackers are not targeting specific individuals but instead attempting to infect as many users as possible through a “spray and pray” approach.
How the Attack Works
When a visitor lands on an infected WordPress site, the page appears normal before redirecting them to a fake Google Chrome update page. This deceptive prompt urges users to download a browser update, which in reality is malware tailored to their operating system.
- Windows Users: The malware delivered is SocGholish, a Windows trojan known for stealing credentials and injecting additional malicious payloads.
- Mac Users: The attack installs Amos (Atomic Stealer), a macOS infostealer designed to extract login credentials, cryptocurrency wallets, and other sensitive data.
Security analysts note that while this method relies on social engineering rather than advanced exploits, it remains highly effective due to the convincing nature of the fake update prompt. Once executed, the malware can harvest passwords, cookies, and financial data, giving attackers unauthorized access to victims’ online accounts.
Security Researchers Raise the Alarm
Simon Wijckmans, CEO of c/side, stated that they have alerted Automattic, the parent company of WordPress.com, providing a list of malicious domains linked to the campaign. While Automattic has acknowledged the report, no official statement has been released yet.
c/side’s analysis uncovered over 10,000 compromised websites, with malicious scripts distributed across multiple domains. The researchers used advanced web crawling and reverse DNS lookups to track the attack’s scope and distribution patterns.
Rising Threats to macOS Users
Although Windows has traditionally been the primary target for cyber threats, attacks on macOS users are on the rise. The Amos (Atomic Stealer) malware has been actively traded on underground hacker forums, available as malware-as-a-service, allowing cybercriminals to purchase or rent it for their attacks.
Patrick Wardle, a macOS security expert and co-founder of cybersecurity firm DoubleYou, emphasized that Amos is one of the most active macOS infostealers. However, successful installation requires user interaction, such as manually executing the malware and bypassing Apple’s built-in security measures.
How to Protect Yourself
To safeguard against this malware campaign, both website owners and users must follow essential cybersecurity practices:
- Keep WordPress and Plugins Updated: Ensure WordPress core, themes, and plugins are always updated to prevent exploitation.
- Avoid Downloading Updates from Pop-ups: Web browsers like Google Chrome update automatically. Always verify updates through official settings.
- Enable Multi-Factor Authentication (MFA): Adding an extra layer of security can prevent unauthorized logins, even if credentials are compromised.
- Use Security Plugins: WordPress site owners should install security plugins like Wordfence or Sucuri to detect and block threats in real time.
- Run Regular Security Scans: Use trusted antivirus or anti-malware software to detect and remove potential infections.
- Monitor Accounts for Unusual Activity: If you suspect a security breach, change your passwords immediately and review account activity.
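For site owners, the check below lists every host that serves a script on a rendered page and flags those missing from an allowlist, which is how an injected third-party loader of the kind described above would show up. It is an added example, not code from c/side or from this article; the allowlist, hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts the site owner knowingly loads scripts from (constructed values).
ALLOWED_SCRIPT_HOSTS = {"blog.example", "cdn.blog.example"}


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_url, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return the sorted hosts that serve scripts on the page but are not allowlisted."""
    collector = ScriptCollector()
    collector.feed(html)
    hosts = set()
    for src in collector.sources:
        # urljoin resolves relative and protocol-relative (//host/x.js) URLs.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host and host not in allowed:
            hosts.add(host)
    return sorted(hosts)


# Constructed sample page: two expected scripts and one third-party loader.
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.blog.example/theme.js"></script>
<script src="//Static.unknown-loader.example/update.js" async></script>
<script>console.log("inline")</script>
</head><body>Hello</body></html>
"""

if __name__ == "__main__":
    print(unexpected_script_hosts(SAMPLE_HTML, "https://blog.example/post/1"))
```

The check only covers scripts loaded by URL; inline scripts and modified theme or plugin files need a file-integrity comparison instead.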
Final Thoughts
With cybercriminals continuously refining their tactics, website owners and users must remain vigilant. Exploiting outdated software remains a key strategy for launching widespread attacks. Ensuring WordPress installations are updated and practicing safe browsing habits can significantly reduce the risk of infection.
The increasing prevalence of WordPress-based malware attacks underscores the necessity of proactive security measures. Whether you manage a website or browse the internet, staying informed and implementing strong cybersecurity practices can help protect against these evolving threats.
Large-Scale WordPress Malware Attack
Hackers are actively exploiting outdated WordPress websites to distribute dangerous malware targeting both Windows and macOS users. Cybercriminals compromise vulnerable sites and use them to redirect visitors to fake Google Chrome update pages, tricking them into downloading malicious software. Windows users are infected with SocGholish, a trojan designed to steal credentials and inject additional threats, while macOS users face Amos (Atomic Stealer), a powerful infostealer that extracts login details, cryptocurrency wallets, and other sensitive data.
Security researchers have identified over 10,000 compromised WordPress websites, making this one of the largest malware distribution campaigns in recent times. Many affected websites have high traffic, putting thousands of unsuspecting visitors at risk. Cybersecurity firms are urging WordPress site owners to update their core software, themes, and plugins to prevent exploitation. Installing security plugins like Wordfence and Sucuri can help detect and block such threats in real time.
To stay protected, users must be cautious when prompted to download browser updates, as legitimate updates are handled automatically by browsers like Google Chrome. Enabling multi-factor authentication (MFA), running regular malware scans, and monitoring online accounts for suspicious activity are critical steps to prevent unauthorized access.
As cybercriminals continue to refine their attack methods, staying informed and proactive is the best defense against these evolving threats. Keep your WordPress site secure, follow best security practices, and avoid falling victim to these deceptive attacks.
Key Aspect | Details |
---|---|
Attack Type | WordPress site hijacking & malware distribution |
Malware Used | SocGholish for Windows, Amos (Atomic Stealer) for macOS |
Mechanism | Redirection to fake Chrome update pages |
Targets | Both Windows and Mac users visiting compromised websites |
Scale | Over 10,000 compromised WordPress websites |
Prevention | |