Malware, Threat Intelligence

Campaign exploits outdated WordPress sites to spread password-stealing malware


Cybercriminals are targeting vulnerable WordPress websites and plug-ins to distribute malware that steals personal data, including passwords and other personal information, reports TechCrunch.

According to security researchers at web security firm c/side, the attack is widespread, with over 10,000 websites reportedly compromised. The campaign involves hackers altering site content to display fake Chrome browser update prompts to trick visitors into downloading malicious files tailored to their operating system. The malware includes Amos, which targets macOS users, and SocGholish, which infects Windows devices. Amos or Amos Atomic Stealer, regarded as the most prolific macOS infostealer, is sold as malware-as-a-service, allowing cybercriminals to buy and deploy it. Though Apple’s security measures require users to manually execute the malware, many are still duped by the deceptive prompts. C/side reported the issue to Automattic, the company behind WordPress.com, but the firm emphasized that third-party plug-in security is the responsibility of their developers. Meanwhile, security experts stress the importance of updating browsers through official channels and avoiding unverified downloads, as credential theft remains a major driver of large-scale cyberattacks.
