More than 6,000 WordPress websites have been hijacked by an ongoing malware campaign that installed malicious plugins that spread malware that steals personal information. The effort, called ClearFake, started in 2023 and uses phony browser error messages to mislead people into installing malware.
The spyware, which targets both Windows and macOS users, has the ability to steal confidential information, according to BleepingComputer. Infostealers such as AMOS Stealer on macOS and StealC and Rhadamanthys on Windows are among the malware used in these assaults.
Malicious WordPress plugins that propagate malware frequently seem just like genuine ones, such as Wordfence Security, making them difficult to identify. These plugins load extra scripts stored on Binance Smart Chain by inserting malicious JavaScript into the HTML of hacked websites. Security researchers at GoDaddy have monitored these fraudulent plugins and discovered that hackers install them using administrator credentials that have been stolen.
WordPress administrators are advised to routinely check their websites for strange plugins and to reset admin credentials right away if any questionable behavior is found in order to reduce the risk.
Recently, ClickFix, a similar continuing scam, has grown to use phony Google Meet sites to trick people into running malicious PowerShell scripts. Phishing emails pose as Google Meet invitations, and when victims click on the link, they are taken to fake websites that mimic real Google Meet conferences. Fake technical faults are displayed on these pages, leading visitors to copy and execute a command that eventually infects their machine with malware that steals personal information.
Attackers are using social engineering techniques in addition to technological flaws in both situations. WordPress websites are especially vulnerable because of plugin flaws that give hackers administrator access. Site managers should make sure plugins are constantly up to date and routinely monitor for unusual activity in order to lessen these risks.
