Unprotected versions of WordPress and their ancillary plugins have become unexpected hosts for malware deployment, with hackers manipulating users into downloading these dangerous softwares by changing the content of such sites, security experts reveal.
A brainchild of cybercrime, this dangerous campaign is targeting websites across the globe, some of which have significant internet traffic. The primary aim? Pushing out malware capable of password theft and personal information hijacking.
When users attempt to access these compromised WordPress sites, a deceptive Chrome browser update page appears, encouraging users to download an update to continue. This so-called ‘update’, however, is a malicious file disguised as the real deal, varying for Mac and Windows systems alike, researchers say.
According to cybersecurity company, c/side, over 10,000 websites have fallen prey to this scam. The hackers sprinkle their malicious scripts across the web, waiting for unsuspecting users to download their poisoned presents.
Amos, or Amos Atomic Stealer, and SocGholish are two such ‘presents’. Aimed at macOS and Windows users, respectively, these malware types infect computers, stealing access data and precious digital currency from the victims.
The effectiveness of these malware campaigns, however, should not disrupt the importance of updating your browsing software and keeping your personal devices secured with reliable applications.
Original source: Read the full article on TechCrunch
