Image Credits: Bryce Durbin / TechCrunch

Hackers are exploiting outdated versions of WordPress and plug-ins to alter thousands of websites in an attempt to trick visitors into downloading and installing malware, security researchers have found.

The hacking campaign is still “very much live,” Simon Wijckmans, the founder and CEO of web security company c/side, which discovered the attacks, told TechCrunch on Tuesday.

The hackers’ goal is to spread malware capable of stealing passwords and other personal data from both Windows and Mac users. Some of the hacked websites are ranked among the most popular sites on the internet, according to c/side.

“This is a widespread and very commercialized attack,” Himanshu Anand, who wrote up the company’s findings, told TechCrunch. Anand said the campaign is a “spray and pray” attack that aims to compromise anyone who visits these websites rather than targeting a specific person or group of people.

When the hacked WordPress sites load in a user’s browser, the content quickly changes to display a fake Chrome browser update page, requesting that the website visitor download and install an update to view the website, the researchers found. If a visitor accepts the update, the hacked website will prompt the visitor to download a specific malicious file masquerading as the update, depending on whether the visitor is on a Windows PC or a Mac.

Wijckmans said that they alerted Automattic, the company that develops and distributes WordPress.com, about the hacking campaign and sent them the list of malicious domains, and that their contact at the company acknowledged receipt of their email.

When reached by TechCrunch prior to publication, Megan Fox, a spokesperson for Automattic, did not comment by press time. After publishing, Automattic said that the security of third-party plugins is ultimately the responsibility of WordPress plugin developers.


“There are specific guidelines that plugin authors must consult and adhere to to ensure the overall quality of their plugins and the safety of their users. In addition, they have at their disposal a Plugin Handbook that covers numerous security topics, including best practices and managing plugins’ security,” the spokesperson said.

C/side said it identified over 10,000 websites that appear to have been compromised as part of this hacking campaign. Wijckmans said the company detected malicious scripts on several domains by crawling the internet and performing a reverse DNS lookup, a technique to find domains and websites associated with a certain IP address, which revealed more domains hosting the malicious scripts.

TechCrunch could not confirm the accuracy of c/side’s figures, but we saw one hacked WordPress website that was still displaying the malicious content on Tuesday.
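A site owner checking their own WordPress pages for injected third-party scripts of the kind described above could start with a check like the following. This is an added example, not c/side’s tooling or anything from the article; the sample HTML, the site hostname and the domain names in it are constructed for illustration.

```python
"""Flag <script src> hosts on a page that are neither the site itself
nor on an explicit allowlist. Constructed example; domains are made up."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in the page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def external_script_hosts(html, site_host, allowlist=()):
    """Return the sorted list of hostnames that serve scripts to this page
    but are not the site's own host and not on the allowlist.
    Relative URLs resolve to the site; protocol-relative (//host/x.js) and
    absolute URLs are parsed as-is."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    trusted = {site_host.lower()} | {h.lower() for h in allowlist}
    flagged = set()
    for src in parser.srcs:
        if "://" in src or src.startswith("//"):
            host = urlparse(src).hostname
        else:  # relative path: served by the site itself
            host = site_host
        if host and host.lower() not in trusted:
            flagged.add(host.lower())
    return sorted(flagged)


# Constructed sample: one first-party script, one known analytics CDN,
# and one script injected from a hostname the site owner does not recognize.
SAMPLE_HTML = """<html><head>
<script src="/wp-content/themes/demo/app.js"></script>
<script src="https://cdn.example-analytics.test/tag.js"></script>
<script src="//injected-update-lure.test/loader.js"></script>
<script>console.log('inline');</script>
</head><body><p>hello</p></body></html>"""

if __name__ == "__main__":
    print(external_script_hosts(SAMPLE_HTML, "blog.example.test",
                                allowlist=("cdn.example-analytics.test",)))
```

Running the check from a clean machine on every page of a site, and comparing the result against the last known-good list, turns a new unknown script host into a concrete alert rather than something a visitor discovers first.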

From WordPress to infostealing malware

The two types of malware that are being pushed on the malicious websites are known as Amos (or Amos Atomic Stealer), which targets macOS users; and SocGholish, which targets Windows users.

In May 2023, cybersecurity firm SentinelOne published a report on Amos, classifying the malware as an infostealer, a type of malware designed to infect computers and steal as many usernames and passwords, session cookies, crypto wallets, and other sensitive data as it can, allowing the hackers to further break into the victim’s accounts and steal their digital currency. Cybersecurity firm Cyble reported at the time that it had found that hackers were selling access to the Amos malware on Telegram.

Patrick Wardle, a macOS security expert and co-founder of Apple-focused cybersecurity startup DoubleYou, told TechCrunch that Amos is “definitively the most prolific stealer on macOS,” and was created with the malware-as-a-service business model, meaning the developers and owners of the malware sell it to the hackers who then deploy it.

Wardle also noted that for someone to successfully install on macOS the malicious file found by c/side, “the user still has to then manually run it, and jump through a lot of hoops to bypass Apple’s built-in security.”

While this may not be the most advanced hacking campaign, given that the hackers rely on their targets to fall for the bogus update page and then install the malware, this is a good reminder to upgrade your Chrome browser through its built-in software update feature and to install only trusted apps on your personal devices.

Password-stealing malware and the theft of credentials have been blamed for some of the biggest hacks and data breaches in history. In 2024, hackers mass-raided the accounts of corporate giants who hosted their sensitive data with cloud computing giant Snowflake by using passwords stolen from the computers of employees of Snowflake’s customers.

This story was updated to include comment from Automattic’s spokesperson.