Over 250 WordPress sites around the world, including those of small businesses, regional media organizations, and a U.S. Senate candidate, have been covertly breached to facilitate sweeping deployment of information-stealing malware as part of a ClickFix attack campaign that has been underway since December, The Register reports.Illicit code injected into the compromised websites triggered a seemingly legitimate Cloudflare CAPTCHA page that tricks site visitors into copying and executing a malicious command that leads to infostealer delivery, according to a Rapid7 analysis. Such a payload then enables the exfiltration of browser-stored credentials, cryptocurrency wallet details, authentication cookies, and other sensitive information, with threat actors potentially peddling infostealer logs on cybercrime forums. Additional findings revealed that domains tapped in the campaign have been registered between July and August."The large-scale execution of the compromise across completely unrelated WordPress instances suggests a high level of automation by the threat actor and is likely part of an organized long-term criminal effort," said researcher Milan Spinka.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



