Hackers are hijacking WordPress sites to push Windows and Mac malware | TechCrunch

Hackers are hijacking WordPress sites to push Windows and Mac malware | TechCrunch
Summary: Hackers are exploiting outdated WordPress sites and plugins, altering thousands of websites to trick visitors into downloading malware for password and personal information theft. This ongoing campaign targets both Windows and Mac users, affecting popular sites across the internet. Security researchers have identified over 10,000 compromised websites and reported the incident to Automattic, the parent company of WordPress.

Affected: WordPress websites and users on Windows and Mac

Keypoints :

  • Hackers are using β€œspray and pay” tactics to compromise visitors to hacked websites.
  • Malicious scripts push infostealing malware, known as Amos for macOS and SocGholish for Windows.
  • Over 10,000 websites have been identified as compromised, with some still displaying malicious content.

Source: https://techcrunch.com/2025/01/29/hackers-are-hijacking-wordpress-sites-to-push-windows-and-mac-malware