Security researchers have discovered that hackers have changed their websites to deceive visitors, download and install them by using the old version of the WordPress and plugin.
Simon Wijckmans, the founder and CEO of the Web Security Company C/Side, told TechCrunch on Tuesday that the hacking campaign was still “very many live.”
Hacker's goal is to spread malware that can steal passwords and other personal information from both Windows and Mac users. According to C/Side, some of the hacked websites are ranked on the most popular site on the Internet.
“This is a wide and very commercialized attack,” said Himanshu Anand, who wrote the company's survey results. Anand said that the campaign was not a specific person or a group, but a “spray and pay” attack for compromising those who visit these websites.
When a hacked WordPress site is loaded into a user browser, the content is quickly changed and the fake Chrome browser update page is displayed, downloaded to visitors on the website, installed to display the website. I will do it. If the visitor accepts the update, the hacked website encourages visitors to download a specific malicious file to masculate as an update, depending on whether the visitor is on the Windows PC or Mac.
WijckMans warns that Automattic, a company that develops and distributes WordPress, has sent a list of malicious domains, and has warned that contacts in the company have accepted e -mail reception. Ta.
When I contacted TechCrunch before publishing, Megan Fox, Automattic spokesman, did not comment.
C/Side stated that it has identified more than 10,000 websites, which seemed to have been compromised as part of this hacking campaign. According to Wijckmans, the company has detected malicious scripts in several domains by crawging the Internet and performing reverse DNS lookup. This is a method of finding a domain and website associated with a specific IP address, clarifying the domain that hosts malicious scripts.
TechCrunch could not confirm the accuracy of C/Side's numbers, but on Tuesday, I saw one of the hacked WordPress websites, which still displayed malicious content.
From WordPress to Infostealing Malware
Two types of malware pushed on malicious websites are known as Amos (or AMOS Atomic Stealer) for MacOS users. Socgholish targeting Windows users.
In May 2023, Cyber Security Company Sentinelone published a report on Amos, infected malware with Infostealer, computers, and many user names and passwords, session Cookie, Crypto Walet, and other confidential data that enables hackers. We classify the type of malware designed to steal. Invents further into the victim's account and steals digital currency. Cyber, a cyber security company, reported that hackers were selling Telegram's access to Amos Malware.
PATRICK WARDLE, a co-founder of Cyber Security Startup Doubleyou, who is a macOS security expert and a co-founder of Cyber Security Startup DoubleYou, tells TechCrunch that Amos is “MacOS's most many-crafted stellar”. Created with a-service business model. Malware developers and owners sell them to hackers sold to hackers.
Wardle also said, “The user still needs to do it manually and jumps over a lot of hoops to install a lot of hoops in order to properly install the malicious files found by C/Side. You need to bypass. ”
This may not be a state -of -the -art hacking campaign, but considering that the hacker rely on the target and falls into a fake update page and installs malware, this is a chromium browser via the built -in software update function. It is a good reminder to update. Also, install only reliable apps on personal devices.
Malware and qualifications that steal passwords have been accused of some of the largest hacking and data infringement in history. In 2024, the hacker gained a lot of accounts of a company that hosted confidential data on a huge cloud computing snowflake, using a password stolen from a Snowflake customer computer.