Gadget Insiders
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
Gadget Insiders
No Result
View All Result
Home News

Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe

Prashant Chaudhary by Prashant Chaudhary
January 31, 2025
in News, Scams/Hacks
Reading Time: 2 mins read
0
Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe----

In a disturbing development, cybersecurity researchers at c/side have unveiled that more than 10,000 WordPress sites have been hijacked by cybercriminals. These sites were manipulated to display counterfeit Google browser update notifications, tricking users into downloading malware that targets sensitive information.

Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe
WordPress sites fall prey again

A Clever Disguise for Cyber Attacks

The compromised WordPress websites were found to be utilizing an outdated version of the platform, specifically version 6.7.1, which includes an older plugin that served as the entry point for the attackers. Once they gained access, the criminals embedded malicious JavaScript code into the sites. This code generates a fake overlay page that misleads visitors into believing they need a browser update to proceed.
Visitors who attempt to download the supposed update are unwittingly installing dangerous malware variants like Atomic (also known as AMOS) for macOS users, or SocGholish for those on Windows. This clever deceit not only breaches user trust but also turns their devices into repositories of stolen data.

Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe-
Fake updates hide malware scams

The Sinister Mechanics of Infostealers

The goal of these infostealers is alarmingly straightforward: to harvest as much personal data as possible. The malware specifically targets the extraction of passwords, session cookies, cryptocurrency wallet details, and other sensitive data stored within the victim’s device. Such attacks not only compromise individual security but also pose significant risks to broader network safety if infected devices connect to larger systems.

Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe--
Thousands tricked by browser hoax

Safeguarding Your WordPress Site from Cyber Threats

Protecting against such sophisticated threats requires diligence from web administrators. All WordPress sites must be updated regularly, starting with the core software itself. WordPress version 6.7, released in mid-November 2024, includes security enhancements designed to thwart such exploits.
Additionally, administrators should rigorously manage their themes and plugins:

  • Uninstall unnecessary plugins and themes to minimize vulnerabilities.
  • Update all necessary components to their latest versions to close security gaps.
  • Scan for and eliminate any malicious scripts detected on the site.
  • Regularly review system logs from the past 90 days to identify and understand any breach that might have occurred.
Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe---
Cybersecurity breach compromises WordPress users

Experts from c/side also warn that attackers often leave backdoors on the websites they compromise. These backdoors enable them to easily regain access should they wish to launch subsequent attacks or update their malware. Therefore, constant vigilance and comprehensive security practices are essential for maintaining a secure WordPress environment.

In conclusion, as WordPress continues to power millions of websites globally, the responsibility for securing these sites from such deceptive attacks lies not only with the webmasters but also with the users. By staying informed about the latest security practices and remaining cautious with online updates, users can protect themselves against these insidious cyber threats.

Tags: Browser UpdateCybersecurityinfostealermalware attackplugin vulnerabilityWeb SafetyWordPress security

TRENDING

GitHub Launches New AI Agent to Fix Bugs, Add Features, and Revolutionize Coding for Developers---

GitHub Launches New AI Agent to Fix Bugs, Add Features, and Revolutionize Coding for Developers

May 23, 2025
Apple Delays Major AirPods Updates Until 2026, No New AirPods Pro in 2025

Apple Delays Major AirPods Updates Until 2026, No New AirPods Pro in 2025

May 23, 2025
Apple to Let EU Users Switch from Siri to Google Assistant or AlexaApple to Let EU Users Switch from Siri to Google Assistant or Alexa

Apple to Let EU Users Switch from Siri to Google Assistant or Alexa

May 23, 2025
Take-Two CEO Confirms Short Delay for GTA 6, No Further Postponements Expected

Take-Two CEO Confirms Short Delay for GTA 6, No Further Postponements Expected

May 23, 2025
Bluesky Tests New 'Live' Feature to Link Sports and Livestreams Directly from Profiles

Bluesky Tests New ‘Live’ Feature to Link Sports and Livestreams Directly from Profiles

May 23, 2025
iPhone 17 Air Leaked Battery and Weight Details Spark Excitement Ahead of Launch

iPhone 17 Air – Leaked Battery and Weight Details Spark Excitement Ahead of Launch

May 23, 2025
Qualcomm Snapdragon 8 Elite 2: What to Expect from the 2025 Flagship SoC

Qualcomm Snapdragon 8 Elite 2 – What to Expect from the 2025 Flagship SoC

May 23, 2025
Epic Games Takes Apple to Court to Bring Fortnite Back to iOS Store

Epic Games Takes Apple to Court to Bring Fortnite Back to iOS Store

May 23, 2025
  • Contact Us
  • Terms
  • Privacy
  • Copyright
  • About Us
  • Fact Checking Policy
  • Corrections Policy
  • Ethics Policy

Copyright © 2023 GadgetInsiders.com

No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox

Copyright © 2023 GadgetInsiders.com.