Malicious plugins facilitate malicious JavaScript injection into the site's HTML.
More than 6,000 WordPress sites have been compromised with malicious plugins displaying fraudulent browser updates.
The browser updates download information-stealing malware as part of a new ClickFix attack campaign that commenced in June, reports BleepingComputer. The intrusions commence with the exploitation of breached admin credentials to infiltrate the targeted WordPress site, and enable automated installation of the plugins
Installation of the malicious plugins would prompt connections with several WordPress actions to facilitate malicious JavaScript injection into the site's HTML that would retrieve a Binance Smart Chain contract-stored JavaScript file, which displays the phony software update banners.
Organizations with WordPress sites that have been receiving reports of fake site alerts have been urged to review their installed plugins.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
