Thousands of WordPress websites hacked via plugin looking to steal user data

A new version of the infamous ClearFake (AKA ClickFix) malware has been detected in the wild, and has already managed to compromise thousands of WordPress websites.

Researchers from GoDaddy claim to have spotted a version of this campaign, which installs malicious plugins to sites on the website builder. The threat actors would use credentials stolen elsewhere (or bought on the black market) to log into the website's WordPress admin account, and install a seemingly benign plugin.

The victims are then enticed to download an update, which is just a piece of malware that steals sensitive data, or does something else just as sinister.

Thousands of compromised websites

In turn, the plugin displays various popups, requesting that the victims perform different actions (all of which lead to the installation of infostealers).

The entire process is automated, GoDaddy is saying, and so far more than 6,000 WordPress websites have fallen prey.

"These seemingly legitimate plugins are designed to look harmless to website administrators but incorporate embedded malicious scripts that present fake browser update prompts to end-users," the researchers are saying. The plugins are "seemingly legitimate" as they carry familiar names in the WordPress world, such as Wordfence Security, or LiteSpeed Cache.

Here is the full list of the plugins spotted so far:

LiteSpeed Cache Classic
MonsterInsights Classic
Wordfence Security Classic
Search Rank Enhancer
SEO Booster Pro
Google SEO Enhancer
Rank Booster Pro
Admin Bar Customizer
Advanced User Manager
Advanced Widget Manage
Content Blocker
Universal Popup Plugin
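
An added example, not from the article or from GoDaddy's research: a Python audit that reads the `Plugin Name` header of each PHP file in a WordPress plugins directory and flags any that declare a name from the list above. The function names and the 8 KB read limit are this example's own assumptions.

```python
import re
import sys
from pathlib import Path

# Plugin names copied from the list in this article.
REPORTED_NAMES = [
    "LiteSpeed Cache Classic", "MonsterInsights Classic",
    "Wordfence Security Classic", "Search Rank Enhancer", "SEO Booster Pro",
    "Google SEO Enhancer", "Rank Booster Pro", "Admin Bar Customizer",
    "Advanced User Manager", "Advanced Widget Manage", "Content Blocker",
    "Universal Popup Plugin",
]
# A plugin declares its name in a "Plugin Name:" header comment near the top
# of its main PHP file; only the first 8 KB of each file is inspected here.
HEADER_RE = re.compile(r"^(?:[ \t]*<\?php)?[ \t/*#@]*Plugin Name:(.*)$",
                       re.IGNORECASE | re.MULTILINE)

def normalize(name):
    """Collapse whitespace and case so trivial variations still match."""
    return re.sub(r"\s+", " ", name).strip().casefold()

REPORTED = {normalize(n) for n in REPORTED_NAMES}

def plugin_name(php_file):
    """Return the Plugin Name declared in a PHP file, or None."""
    try:
        head = php_file.read_bytes()[:8192].decode("utf-8", errors="replace")
    except OSError:
        return None
    match = HEADER_RE.search(head)
    if not match:
        return None
    # Drop a trailing comment terminator or PHP close tag.
    return re.sub(r"\s*(?:\*/|\?>).*$", "", match.group(1)).strip() or None

def audit_plugins(plugins_dir):
    """Return sorted (relative path, declared name) pairs that need review."""
    root = Path(plugins_dir)
    hits = []
    # Main plugin files sit at <plugins>/x.php or <plugins>/<dir>/x.php.
    for php in list(root.glob("*.php")) + list(root.glob("*/*.php")):
        name = plugin_name(php)
        if name and normalize(name) in REPORTED:
            hits.append((php.relative_to(root).as_posix(), name))
    return sorted(hits)

if __name__ == "__main__":  # usage: python3 audit.py /path/to/wp-content/plugins
    for path, name in audit_plugins(sys.argv[1]):
        print(f"REVIEW {path}: declares {name!r}")
```

A hit is a prompt for manual review rather than proof of compromise, and a clean result does not clear a site, since a plugin's declared name is trivial to change.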

ClearFake is a type of malware attack we've all seen in the past - a website is compromised and used to show a fake popup notification. This notification usually mimics an antivirus warning, or a browser notification, and informs the user that their computer is either infected with a virus, or outdated and thus unable to show the desired website.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for many media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications.