Malicious plugins facilitate malicious JavaScript injection into the site's HTML.
More than 6,000 WordPress sites have been compromised with malicious plugins displaying fraudulent browser updates.
The fake browser updates download information-stealing malware as part of a new ClickFix attack campaign that began in June, reports BleepingComputer. The intrusions begin with the use of breached admin credentials to infiltrate the targeted WordPress site, which enables automated installation of the plugins.
Once installed, the malicious plugins hook several WordPress actions to inject malicious JavaScript into the site's HTML. The injected script retrieves a JavaScript file stored in a Binance Smart Chain contract, and that file displays the phony software update banners.
Organizations with WordPress sites that have been receiving reports of fake site alerts have been urged to review their installed plugins.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.