
Security researchers have found that hackers are exploiting the outdated version of WordPress and the plugin to try to download and install malware to visitors to change thousands of websites.
The hacking campaign is still “a lot of live,” Simon Vijayk Men’s founder and CEO of the web security company C/Side, which discovered the attacks.
The goal of hackers is to spread malware that is capable of stealing passwords and other personal information from both Windows and Mac users. According to the C/Side, some hack websites have been included in the most famous sites on the Internet.
“This is a wide and very commercial attack,” said Hamanshu Anand, who wrote the company’s results. Anand said the campaign is a “spray and prayer” attack that aims to compromise with everyone who goes on these websites rather than targeting any person or group of people.
When Hack WordPress sites load in a user’s browser, the content changes rapidly to display the fake chrome browser update page, a refreshing to see the website requesting the website request Download and install, researchers found. If a visitor accepts the update, the hacked website will indicate the visitor to download a specific malicious file as an update, depending on whether the visitor on Windows PC or Mac Whether or not
Vijayk Men’s said he informed the WordPress.com manufacture and distribution company about the hacking campaign and sent them a list of malicious domains, and their contact with their email in the company received their email receipts. Recognized.
When arrived before the publication, Automatic spokesman, Megan Fox, made no comment through press time. After the publication, the automatic said that the protection of the third party plugins is eventually the responsibility of the WordPress plugin developers.