Malware News Over 6,000 WordPress hacked to install plugins pushing infostealers

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,389
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware.

Over the past couple of years, information-stealing malware has become a scourge to security defenders worldwide as stolen credentials are used to breach networks and steal data.

Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware.

In 2024, a new campaign called ClickFix was introduced that shares many similarities with ClearFake but instead pretends to be software error messages with included fixes. However, these "fixes" are PowerShell scripts that, when executed, will download and install information-stealing malware.

ClickFix campaigns have become increasingly common this year, with threat actors compromising sites to display banners showing fake errors for Google Chrome, Google Meet conferences, Facebook, and even captcha pages.
While it is unclear how the threat actors are obtaining the credentials, the researcher notes it could be through previous brute force attacks, phishing, and information-stealing malware.

If you are a WordPress operation and are receiving reports of fake alerts being displayed to visitors, you should immediately examine the list of installed plugins, and remove any that you did not install yourself.

If you find unknown plugins, you should also immediately reset the passwords for any admin users to a unique password only used at your site.
 
  • Like
Reactions: simmerskool

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
639
WordPress, bane of security. Tons of attacks over the years. (of course we don't use it). I have had "developers" tell me: "millions of users can't be wrong". And also: "just install some security and it will be fine". Can't avoid a broken bridge despite yellow warning signs placed miles ahead.
 
Last edited:
  • Like
Reactions: simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top