CyberSecurity news
FlagThis - #CrossPlatform
|
@gbhackers.com - 29d
A massive cyberattack has compromised over 10,000 WordPress websites, using them to distribute malware to both macOS and Windows users. The attackers exploited vulnerabilities in outdated WordPress versions and plugins, injecting malicious JavaScript code into the sites. This code redirects visitors to fake browser update pages, which then trick users into downloading malicious software. The campaign represents a significant escalation in threat sophistication, with the malware being delivered through client-side attacks via iframes. The malicious JavaScript dynamically injects the fake update pages, and also uses DNS prefetching to enhance the speed of loading these malicious domains.
The malware distributed includes AMOS (Atomic macOS Stealer), which targets macOS users by stealing sensitive data such as passwords and cryptocurrency wallet information. Windows users are targeted by SocGholish, a malware strain that acts as a downloader for additional malicious payloads. This coordinated approach on two operating systems suggests a sophisticated attack group or collaboration. Security experts warn that this is one of the first known cases of these specific malware strains being delivered through client-side attacks, and are urging website administrators to immediately update their WordPress installations and plugins, remove unused components, and review server logs for signs of compromise.
Share:
References :
Classification:
|