- Researchers discover 10,000 WordPress Committed Sites
- The sites were embedded with malicious javascript code
- The goal was to deliver infants to the victims.
Ten thousand WordPress websites were being used to deliver childhood malware to victims who run Windows and MacOS devices, experts warned.
A report by Cybersecurity researchers in C/Side states that a threat actor probably compromised different WordPress sites using an earlier version of the platform (6.7.1) and with it, an old and obsolete complement. Once the sites are violated, the attackers would display the malicious JavaScript code, which would generate a false page in an IFRAME, to visitors.
When a victim visits one of these sites, he would see an superimposed page that indicates that they need to update their browser if they want to see the content of the page. However, instead of downloading a patch, the victims would get atomic (also known as Amos, a popular infoptealist for macOS), or Socgholish (basically the same, only for windows).
Steal sensitive files
These infants of infants would obtain all kinds of confidential information from the end point of destination: from passwords stored in the browser, to session cookies, cryptocurrency wallet information and other potentially confidential files.
Defending against these attacks requires that web administrators maintain their updated sites.
The Builder Builder of WordPress, to begin with, must be updated to version 6.7, launched in mid -November, 2024. Administrators must go through all the topics and accessories they have installed, and eliminate all those who are not using. The remaining must also be updated.
Finally, administrators must look for malicious scripts and eliminate them. C/Side states that the attackers leave a back door most of the time, to be able to return easily, if necessary. If they find traces of commitment, they must also review the records of the last 90 days to identify what type of malicious activity was done.
