Thousands of WordPress websites hacked via plugin looking to steal user data
techradar.com
A new variant of the infamous ClearFake (AKA ClickFix) malware has been detected in the wild, and has already managed to compromise thousands of WordPress websites.
Researchers from GoDaddy claim to have spotted a variant of this campaign, which installs malicious plugins to sites on the website builder. The threat actors would use the credentials stolen elsewhere (or bought on the black market) to log into the website’s WordPress admin account, and install a seemingly benign plugin.
The victims are then enticed to download an update, which is just a piece of malware that steals sensitive data, or does something else but equally sinister.
Thousands of compromised websites
In turn, the plugin displays the various popups, requesting the victims do different actions (all of which lead to the installation of infostealers).
The entire process is automated, GoDaddy is saying, and so far more than 6,000 ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE