WordPress Sites Targeted by Malware via Fake Plugins
by Justin Erickson
Over 6,000 WordPress sites have been compromised by a new malware campaign using fake plugins to distribute infostealers. Attackers leverage stolen admin credentials to install plugins that inject malicious JavaScript under the radar, leading users to download fake “browser updates.” Known as the “ClickFix” campaign, this method bypasses standard security by embedding malicious scripts in legitimate-looking plugins. Experts urge administrators to validate plugins and secure login credentials.
Third-Party references:
Click the links below to learn more details. (Opens in a new tab/window.)