Summary:
Hacking Campaign Overview
Over 6,000 WordPress sites have been compromised by hackers using malicious plugins that push information-stealing malware through fake software updates.
ClearFake and ClickFix
Two campaigns, ClearFake and ClickFix, have been identified. ClearFake displays fake browser update banners, while ClickFix shows error messages claiming to offer fixes that actually download malware.
Use of Malicious Plugins
The hackers install seemingly legitimate plugins that imitate popular tools like Wordfense Security. These plugins contain scripts that display fake alerts to users, tricking them into executing harmful commands.
Automated Installations
Investigations reveal that the attackers use stolen admin credentials to access WordPress sites and automate the installation of these malicious plugins.
Continued Threats
Security experts urge WordPress administrators to enhance their security practices to prevent such breaches and ensure their websites are protected against these ongoing threats.
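One check an administrator can run against the lookalike plugin names described above, as an added example that is not from the original article: it compares installed plugin names with a site-maintained allowlist and flags near-miss names. The allowlist, the similarity threshold and the sample inventory are assumptions made for illustration.

```python
import difflib
import re

# Assumption: an allowlist the site's admins maintain of plugins they installed.
APPROVED = ["Wordfence Security", "Akismet Anti-spam", "Yoast SEO"]

def normalize(name):
    """Lowercase and collapse punctuation so cosmetic changes do not hide a match."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def audit_plugins(installed, approved=APPROVED, threshold=0.85):
    """Return (name, verdict, closest_approved) for each installed plugin name.

    verdict is 'approved' (exact match after normalizing), 'lookalike'
    (close to an approved name but not equal), or 'unknown'.
    """
    approved_norm = {normalize(a): a for a in approved}
    findings = []
    for name in installed:
        n = normalize(name)
        if n in approved_norm:
            findings.append((name, "approved", approved_norm[n]))
            continue
        best, score = None, 0.0
        for a_norm, a in approved_norm.items():
            ratio = difflib.SequenceMatcher(None, n, a_norm).ratio()
            if ratio > score:
                best, score = a, ratio
        if score >= threshold:
            findings.append((name, "lookalike", best))
        else:
            # Not on the allowlist at all: still needs a human to confirm it.
            findings.append((name, "unknown", None))
    return findings

if __name__ == "__main__":
    # Constructed inventory, e.g. names read from each plugin's header.
    sample = ["Wordfence Security", "Wordfense Security", "Gallery Slider Pro"]
    for name, verdict, closest in audit_plugins(sample):
        print(f"{verdict:10} {name!r} closest={closest!r}")
```

Both "lookalike" and "unknown" results warrant review, since a plugin installed with stolen admin credentials will not be on the allowlist either way.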
Read more at: BleepingComputer