Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Security researchers found that hackers are exploiting outdated versions of WordPress and its plugins to alter thousands of websites in an attempt to trick visitors into downloading and installing malware.
The hacking campaign is still “very vivid”.
The hackers' goal is to spread malware capable of stealing passwords and other personal information from both Windows and Mac users. Some of the hacked sites rank among the most popular websites on the internet, according to C/Side.
“This is a very large and commercial attack,” Himanshu Anand, who wrote up the company's results, told TechCrunch. Anand said the campaign is a “spray and payment” attack that aims to compromise anyone who visits these sites rather than targeting a specific person or group of people.
When a hacked WordPress site loads in a user's browser, the content quickly changes to display a fake Chrome update page that asks the visitor to download and install an update in order to view the website. If a visitor accepts the update, the hacked website prompts them to download a specific malicious file disguised as the update, depending on whether the visitor is on a Windows computer or a Mac.
Wijckmans said that they alerted Automattic, the company that develops and distributes WordPress, about the hacking campaign and sent it a list of the malicious domains, and that their contact at the company acknowledged receiving their email.
When reached by TechCrunch before publication, Megan Fox, an Automattic spokesperson, did not comment.
C/Side said it has identified more than 10,000 websites that appear to have been hacked as part of this campaign. Wijckmans said that the company discovered malicious scripts on several domains by crawling the internet and performing a reverse DNS lookup, a technique for finding the domains and websites associated with a specific IP address, which revealed more domains hosting the malicious scripts.
TechCrunch was unable to confirm the accuracy of C/Side's figures, but we saw a WordPress site still showing the malicious content on Tuesday.
The two types of malware pushed on the malicious websites are known as Amos (or Amos Atomic Stealer), which targets macOS users, and SocGholish, which targets Windows users.
In May 2023, the security company SentinelOne published a report on Amos, classifying the malware as an infostealer, a type of malware designed to infect computers and steal as much digital currency as possible. The cybersecurity company Cyble reported at the time that it had found hackers selling access to Amos on Telegram.
Patrick Wardle, a macOS security expert and co-founder of an Apple-focused cybersecurity startup, told TechCrunch that Amos is “categorically the most abundant thief on macOS”, and that it was created with the malware-as-a-service business model, meaning the malware's developers and owners sell it to the hackers who then deploy it.
Wardle also noted that for someone to successfully install the malicious file that C/Side found, “the user still has to run manually, jumping through a lot of hoops to exceed the integrated Apple safety.”
Although this may not be the most advanced hacking campaign, since the hackers rely on their targets falling for the fake update page and then installing the malware, it is a good reminder to update your Chrome browser through its built-in software update feature and to install only trusted applications on your personal devices.
Password-stealing malware and credential theft have been blamed for some of the biggest hacks and data breaches in history. In 2024, hackers broke into the accounts of corporate giants that hosted their sensitive data with the cloud computing giant Snowflake by using passwords stolen from the computers of Snowflake customers.