Gadget Insiders
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
Gadget Insiders
No Result
View All Result
Home News

Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe

Prashant Chaudhary by Prashant Chaudhary
January 31, 2025
in News, Scams/Hacks
Reading Time: 2 mins read
0
Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe----

In a disturbing development, cybersecurity researchers at c/side have unveiled that more than 10,000 WordPress sites have been hijacked by cybercriminals. These sites were manipulated to display counterfeit Google browser update notifications, tricking users into downloading malware that targets sensitive information.

Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe
WordPress sites fall prey again

A Clever Disguise for Cyber Attacks

The compromised WordPress websites were found to be utilizing an outdated version of the platform, specifically version 6.7.1, which includes an older plugin that served as the entry point for the attackers. Once they gained access, the criminals embedded malicious JavaScript code into the sites. This code generates a fake overlay page that misleads visitors into believing they need a browser update to proceed.
Visitors who attempt to download the supposed update are unwittingly installing dangerous malware variants like Atomic (also known as AMOS) for macOS users, or SocGholish for those on Windows. This clever deceit not only breaches user trust but also turns their devices into repositories of stolen data.

Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe-
Fake updates hide malware scams

The Sinister Mechanics of Infostealers

The goal of these infostealers is alarmingly straightforward: to harvest as much personal data as possible. The malware specifically targets the extraction of passwords, session cookies, cryptocurrency wallet details, and other sensitive data stored within the victim’s device. Such attacks not only compromise individual security but also pose significant risks to broader network safety if infected devices connect to larger systems.

Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe--
Thousands tricked by browser hoax

Safeguarding Your WordPress Site from Cyber Threats

Protecting against such sophisticated threats requires diligence from web administrators. All WordPress sites must be updated regularly, starting with the core software itself. WordPress version 6.7, released in mid-November 2024, includes security enhancements designed to thwart such exploits.
Additionally, administrators should rigorously manage their themes and plugins:

  • Uninstall unnecessary plugins and themes to minimize vulnerabilities.
  • Update all necessary components to their latest versions to close security gaps.
  • Scan for and eliminate any malicious scripts detected on the site.
  • Regularly review system logs from the past 90 days to identify and understand any breach that might have occurred.
Alert Over 10,000 WordPress Sites Hit by Fake Update Scam, Stealing User Data Across the Globe---
Cybersecurity breach compromises WordPress users

Experts from c/side also warn that attackers often leave backdoors on the websites they compromise. These backdoors enable them to easily regain access should they wish to launch subsequent attacks or update their malware. Therefore, constant vigilance and comprehensive security practices are essential for maintaining a secure WordPress environment.

In conclusion, as WordPress continues to power millions of websites globally, the responsibility for securing these sites from such deceptive attacks lies not only with the webmasters but also with the users. By staying informed about the latest security practices and remaining cautious with online updates, users can protect themselves against these insidious cyber threats.

Tags: Browser UpdateCybersecurityinfostealermalware attackplugin vulnerabilityWeb SafetyWordPress security

TRENDING

Google’s Gemini AI to Transform Your Car with Android Auto

Google’s Gemini AI to Transform Your Car with Android Auto

May 15, 2025
Google Set to Launch Pinterest-Like Feature at I/O 2025 to Change How We Search

Google Set to Launch Pinterest-Like Feature at I/O 2025 to Change How We Search

May 15, 2025
Samsung's New Galaxy S25 Edge Is the Slimmest Smartphone Yet – A Bold Move to Beat Apple

Samsung’s New Galaxy S25 Edge Is the Slimmest Smartphone Yet – A Bold Move to Beat Apple

May 15, 2025
60+ Gaming Consoles and Platforms Compared

60+ Gaming Consoles and Platforms Compared

May 15, 2025
75+ Smart Home Gadgets That Work with Google Home

75+ Smart Home Gadgets That Work with Google Home

May 15, 2025
iOS 19 Aims to Fix Bugs and Introduce a Fresh Look – What We Can Expect

iOS 19 Aims to Fix Bugs and Introduce a Fresh Look – What We Can Expect

May 15, 2025
Nintendo’s New EULA Update Makes It Harder for Users to Sue Over Issues Like Joy-Con Drift

Nintendo’s New EULA Update Makes It Harder for Users to Sue Over Issues Like Joy-Con Drift

May 11, 2025
LegoGPT Lets You Create Real Lego Designs from Text – Here’s How It Works

LegoGPT Lets You Create Real Lego Designs from Text – Here’s How It Works

May 11, 2025
  • Contact Us
  • Terms
  • Privacy
  • Copyright
  • About Us
  • Fact Checking Policy
  • Corrections Policy
  • Ethics Policy

Copyright © 2023 GadgetInsiders.com

No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox

Copyright © 2023 GadgetInsiders.com.