Thousands of WordPress websites hacked via plugin looking to steal user data

A new variant of the infamous ClearFake (AKA ClickFix) malware has been detected in the wild, and has already managed to compromise thousands of WordPress websites.

Researchers from GoDaddy claim to have spotted a variant of this campaign, which installs malicious plugins to sites on the website builder. The threat actors would use the credentials stolen elsewhere (or bought on the black market) to log into the website’s WordPress admin account, and install a seemingly benign plugin.

The victims are then enticed to download an update, which is just a piece of malware that steals sensitive data, or does something else but equally sinister.

Thousands of compromised websites

In turn, the plugin displays the various popups, requesting the victims do different actions (all of which lead to the installation of infostealers).

The entire process is automated, GoDaddy is saying, and so far more than 6,000 WordPress websites have fallen prey.

“These seemingly legitimate plugins are designed to appear harmless to website administrators but contain embedded malicious scripts that deliver fake browser update prompts to end-users,” the researchers are saying. The plugins are “seemingly legitimate” as they carry household names in the WordPress world, such as Wordfense Security, or LiteSpeed Cache.

Here is the full list of the plugins spotted so far:

LiteSpeed Cache Classic
MonsterInsights Classic
Wordfence Security Classic
Search Rank Enhancer
SEO Booster Pro
Google SEO Enhancer
Rank Booster Pro
Admin Bar Customizer
Advanced User Manager
Advanced Widget Manage
Content Blocker
Universal Popup Plugin

ClearFake is a type of malware attack we’ve all seen in the past – a website is compromised and used to display a fake popup notification. This notification usually mimics an antivirus warning, or a browser notification, and informs the user that their computer is either infected with a virus, or outdated and therefore unable to display the desired website.

Via BleepingComputer

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/YsReok3f8M9yESRDbeGJVH-1200-80.jpg

Source link

Quordle today – hints and answers for Wednesday, October 23 (game #1003)

NYT Strands today — hints, answers and spangram for Wednesday, October 23 (game #234)

NYT Connections today — hints and answers for Wednesday, October 23 (game #500)

How to watch RB Leipzig vs Liverpool live stream free

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Thousands of WordPress websites hacked via plugin looking to steal user data

Quordle today – hints and answers for Wednesday, October 23 (game #1003)

NYT Strands today — hints, answers and spangram for Wednesday, October 23 (game #234)

NYT Connections today — hints and answers for Wednesday, October 23 (game #500)

How to watch RB Leipzig vs Liverpool live stream free

Leave a reply Cancel reply