Cybersecurity researchers have uncovered a large-scale hacking campaign exploiting outdated WordPress sites and plugins to distribute malware to unsuspecting users. The attack, described as “very much live” by Simon Wijckmans, founder and CEO of web security firm c/side, is designed to deceive users into downloading malicious software that steals sensitive data.
The campaign targets both Windows and macOS users through a fake Chrome update page. When visitors access an infected WordPress site, they are prompted to install a supposed browser update. If they comply, malware specifically tailored for their operating system is installed—Amos (Atomic Stealer) for Mac and SocGholish for Windows—both of which are designed to harvest credentials, cryptocurrency wallets, and other personal data.
Security firm SentinelOne previously classified Amos as an “infostealer” that enables hackers to hijack accounts and steal digital assets. Meanwhile, SocGholish, commonly spread through compromised websites, acts as an entry point for further cyber intrusions.
Reports suggest that over 10,000 websites have been compromised, with many ranking among the most-visited on the internet. Attackers are employing a “spray and pray” approach, infecting as many sites as possible rather than focusing on specific targets. Researchers at c/side used reverse DNS lookup to identify affected domains and have notified Automattic, the company behind WordPress.com, of the breaches. However, Automattic has not publicly responded to the issue.
Cybersecurity experts urge website administrators to keep WordPress installations and plugins updated to prevent such exploits. Users are advised to only update Chrome through official channels and to avoid downloading software from suspicious prompts. The campaign highlights the ongoing risk of password-stealing malware, which has led to significant breaches, including mass account thefts from business giants in 2024.
This attack underscores the importance of staying vigilant online, regularly updating software, and implementing strong cybersecurity measures to safeguard against evolving threats.
