Criminals and unknown cyber, have the advantage over 10,000 websites to be empowered by WordPress in order to deliver the malware to Windows and macOS to steal the sensitive data of its users, including passwords and account. It is also possible for the owners of websites using the older versions of the CMS (the System for Managing the Content of) the well-known and supplements to be vulnerable.
Home of the false and the update of Chrome
The malware is of the type “spërkas and pray”. The goal of the attack is a hit for all your visitors to the pages, rather than a single user, or a group of people. When the home page of compromised WordPress is loaded in a web browser, a web page, the fake is shown on the screen, asking for the victim, who did not suspect the update for Chrome.
By clicking the button, Update, releases and discharges the malware is on your computer: SocGholish for Windows or the Atomic Stealer for macOS. SocGholish it is used to download various types of malware, including ransomware. Atomic Stealer, on the other hand, is an information thief, so that it can steal passwords, files of the sessions, wallets kriptomonedhave, and other information of a sensitive person.
Atomic Stealer is by far the malware is the most prolific for macOS, and is provided by means of a pattern of “malware-as-a service”. He put the malware on the grounds of the consent of the developer of it. However, the manual, the user may be required to bypass the protection of the Apple on the infected Mac.
According to the findings of the researchers in the c/side, more than 10,000 sites have been compromised. All of them have to be installed on a version of the old woman of WordPress and the plugins in question. Following the report, a spokesperson for the Automattic, said that the developers are responsible for the safety and security of the subsidiaries to third parties.
Discussion about this post