Hackers are hijacking WordPress sites to push Windows and Mac malware


Security researchers have found that hackers are exploiting outdated versions of WordPress and its plugins to alter thousands of websites in an attempt to trick visitors into downloading and installing malware.

The hacking campaign is still “very live,” Simon Wijckmans, the founder and CEO of the web security company C/Side, which discovered the attacks, told TechCrunch on Tuesday.

The hackers' goal is to spread malware capable of stealing passwords and other personal information from both Windows and Mac users. Some of the hacked websites are among the most popular sites on the internet, according to C/Side.

“This is a broad and very commercialized attack,” Himanshu Anand, who wrote up the organization's findings, told TechCrunch. Anand said that this campaign is a “spray and pray” attack whose goal is to compromise anyone who visits these websites rather than targeting a particular person or group of people.

When a hacked WordPress site loads in a user's browser, the content quickly changes to display a fake Chrome browser update page that asks the visitor to download and install an update in order to view the website, the researchers found. If a visitor accepts the update, the hacked website prompts the visitor to download a specific malicious file masquerading as the update, depending on whether the visitor is on a Windows PC or a Mac.

Wijckmans said they had warned the WordPress company Automattic about the hacking campaign and sent it a list of the malicious domains, and that the company acknowledged receiving their email.

When reached by TechCrunch before publication, Automattic spokesperson Megan Fox did not comment.

C/Side says it has identified more than 10,000 websites that appear to have been compromised as part of this hacking campaign. Wijckmans said that the company crawled the internet and detected malicious scripts on several domains, then performed a reverse DNS lookup, a technique for finding the domains and websites associated with a specific IP address, which revealed more domains hosting the malicious scripts.

TechCrunch could not confirm the accuracy of C/Side's figures, but we saw one hacked WordPress website that was still displaying the malicious content on Tuesday.

From WordPress to infostealing malware

The two types of malware being pushed on the malicious websites are known as AMOS (or AMOS Atomic Stealer), which targets macOS users, and SocGholish, which targets Windows users.

In May 2023, cybersecurity firm SentinelOne published a report on AMOS, classifying the malware as an infostealer, a type of malware designed to infect computers and steal as many usernames and passwords, session cookies, crypto wallets, and other sensitive data as possible, allowing hackers to break further into victims' accounts and steal their digital currency. Cybersecurity firm Cyble reported at the time that it had found hackers selling access to the AMOS malware on Telegram.

Patrick Wardle, a macOS security expert and co-founder of Apple-focused cybersecurity startup DoubleYou, told TechCrunch that AMOS is “specifically the most obvious stealer on macOS” and that it was built on the malware-as-a-service business model, meaning the malware's developers and owners sell it to the hackers who then deploy it.

Wardle also noted that someone would still have to manually run the malicious file found by C/Side in order to install it, and jump through a lot of hoops to bypass Apple's built-in protections.

Although this may not be the most advanced hacking campaign, given that the hackers rely on their targets to fall for the fake update page and then install the malware, it is a good reminder to update your Chrome browser through its built-in software update feature and to install only trusted applications on your personal devices.

Password-stealing malware and credential theft have been blamed for some of the largest hacks and data breaches in history. In 2024, hackers broke into the accounts of corporate giants that host their sensitive data with cloud computing giant Snowflake by using passwords stolen from the computers of employees of Snowflake's customers.
