WordPress website owners beware! A new wave of attacks is targeting your sites to install malicious plugins that display fake software updates and errors. These fake alerts aim to trick visitors into downloading information-stealing malware.
The Attack:
Hackers compromise WordPress sites and upload malicious plugins disguised as legitimate tools (e.g., Wordfence Security, LiteSpeed Cache). Once installed, these plugins inject malicious scripts into your website. The scripts then load additional malware from a cryptocurrency blockchain, ultimately displaying fake Google Chrome, Google Meet, Facebook, or captcha update messages. Clicking the “fix” offered in these fake alerts triggers the download of information-stealing malware.
Security researchers estimate that over 6,000 WordPress sites have been compromised. The attack campaign, known as ClickFix (a variant of ClearFake), has been ongoing since 2023.
How to Protect Yourself:
- Be cautious of plugin installation: Only install plugins from trusted sources and the official WordPress plugin repository.
- Review installed plugins: Regularly review the list of plugins on your WordPress site and remove any you don’t recognize.
- Strong passwords: Use unique and strong passwords for your WordPress admin accounts and enable two-factor authentication where available.
- Security updates: Keep WordPress core, plugins, and themes updated to address known vulnerabilities.
- Monitor access logs: Regularly review your website’s access logs for suspicious activity, such as unauthorized login attempts.
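The log review described in the list above can be automated. The following is an added example, not part of the original article: it scans web server access logs for repeated failed logins, logins from unrecognized addresses, and plugin uploads or activations. It assumes combined log format and default WordPress behavior (a failed login returns 200, a successful one redirects with 302); the threshold, the `known_admin_ips` parameter, and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2024:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2024:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2024:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2024:04:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2024:04:02:31 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Oct/2024:04:02:40 +0000] "GET /wp-admin/plugins.php?action=activate&plugin=example%2Fexample.php&_wpnonce=abc HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Oct/2024:09:30:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 20311 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
FAILED_LOGIN_THRESHOLD = 3  # assumed value; tune for your site


def analyze(log_text, known_admin_ips=frozenset()):
    """Return (ip, timestamp, finding) tuples for events worth reviewing."""
    findings = []
    failed = defaultdict(int)  # failed login count per client IP
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status = m.group("ip", "ts", "method", "path", "status")
        if method == "POST" and path.startswith("/wp-login.php"):
            # Default WordPress: failed login re-renders the form (200),
            # successful login redirects to the dashboard (302).
            if status == "200":
                failed[ip] += 1
                if failed[ip] == FAILED_LOGIN_THRESHOLD:
                    findings.append((ip, ts, "repeated failed logins"))
            elif status == "302" and ip not in known_admin_ips:
                findings.append((ip, ts, "login from unrecognized IP"))
        elif method == "POST" and "action=upload-plugin" in path:
            findings.append((ip, ts, "plugin ZIP upload"))
        elif "/wp-admin/plugins.php" in path and "action=activate" in path:
            findings.append((ip, ts, "plugin activation"))
    return findings


if __name__ == "__main__":
    for ip, ts, what in analyze(SAMPLE_LOG):
        print(f"{ts}  {ip:<15}  {what}")
```

Plugin uploads and activations are reported even for recognized administrator addresses, so each one can be matched against a change you actually made.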
What to Do if Infected:
- Remove malicious plugins: Immediately identify and remove any unknown plugins from your site.
- Reset passwords: Change all WordPress administrator passwords to unique and strong credentials.
- Scan for malware: Use a reputable security scanner to check your website for malware infections.
By following these security best practices, you can help protect your WordPress site from this latest information-stealing malware campaign.