10,000 WordPress websites turned into malware distribution center


Hackers are targeting outdated WordPress websites and plug-ins. The websites are hijacked to trap visitors with malware.

At least 10,000 websites running on WordPress have been hijacked by hackers, web security firm c/side notes in a blog post. The hackers are using the websites to spread info-stealing malware. According to the company, some very popular websites have been targeted.

The hijacked websites have been turned into a fake Chrome-style browser update page. The visitor is shown a notification that an update must be installed first in order to view the website’s content. Hidden behind the button is malware that steals login credentials and passwords. The hackers have developed malicious packages for both Windows and macOS.

A fake download page attempts to trick website visitors. Source: c/side

10,000 websites

According to c/side, this is an active campaign and at least 10,000 websites have already been affected. These include websites that either use an outdated version of WordPress or have malicious plug-ins installed. The goal of this campaign is to reach as many potential victims as possible, researchers tell TechCrunch. Automattic, the company responsible for WordPress, has been notified.

WordPress is a popular target for cybercriminals because millions of websites run on the CMS platform. In particular, the many plug-ins available for WordPress can be an Achilles heel. Web administrators sometimes forget to update those plug-ins, and before you know it, the doors to your website’s backend are wide open.