Massive Chrome Update Scam Hits 10,000 WordPress Sites

BigGo Editorial Team

In an alarming development for web security, hackers are exploiting vulnerabilities in WordPress websites to deploy sophisticated Chrome update scams. This widespread attack campaign has already compromised 10,000 WordPress sites, using advanced social engineering tactics to distribute malware through fake browser update notifications.

  • Affected platforms: WordPress websites
  • Number of compromised sites: 10,000
  • Malware variants:
    • AMOS (Atomic macOS Stealer) - targeting Apple devices
    • SocGholish - targeting Windows devices
  • Data at risk: Usernames, passwords, cookies, cryptocurrency wallets

The Sophisticated Deception

The attack, uncovered by web security firm c/side, involves hackers hijacking WordPress sites running outdated versions of the content management system and its plugins. The compromised websites display a convincing but fraudulent Chrome update page, complete with Google's branding elements and Terms of Service links. This sophisticated mimicry makes it particularly challenging for average users to identify the deception.

Dual-Threat Malware Strategy

The attackers have implemented a multi-platform approach, utilizing two distinct malware variants. AMOS (Atomic macOS Stealer) targets Apple devices, while SocGholish focuses on Windows systems. Both variants are designed to harvest sensitive information, including passwords, cookies, and cryptocurrency wallet data, potentially leading to severe financial losses for victims.

Impact and Reach

The scope of this attack is particularly concerning as it affects some of the internet's most frequented websites. When visitors encounter these compromised sites, they're presented with a carefully crafted update prompt that claims the site requires the new Chromium engine to function properly. Despite some grammatical inconsistencies that might alert careful observers, the overall presentation is convincing enough to deceive many users.

Protection and Prevention

For WordPress site administrators, the immediate recommendation is to update all WordPress installations and plugins, removing any unused components. Regular users should maintain healthy skepticism toward any unexpected update prompts, particularly those appearing on third-party websites. Legitimate Chrome updates are managed through the browser's built-in update system, not through website prompts.

Response to Infection

If you suspect your system has been compromised by this malware, immediate action is crucial. Security experts recommend using reputable antimalware tools like Malwarebytes or Bitdefender to scan and clean affected systems. The incident serves as a stark reminder of the evolving sophistication of cyber threats and the importance of maintaining vigilant security practices.