Thousands of WordPress sites hijacked to spread Windows and Mac malware - how to stay safe

Thousands of WordPress sites have been hijacked to distribute info-stealing malware, according to security researchers at cybersecurity company c/side. By exploiting outdated versions of WordPress and its plug-ins, hackers have taken over these vulnerable sites and used them to trick visitors into downloading and installing malware, which is then used to steal personal information.

Due to its sheer scope and size, the campaign is being described as a “spray and pay” style attack: it aims to compromise anyone who visits one of the compromised sites rather than targeting anyone specifically. When victims visit any one of the more than 10,000 sites that c/side has identified as compromised by the malware, the site quickly changes its content to a fake Chrome browser page.

The fake Chrome page then asks the visitor to download and install an update in order to view the website. If the visitor installs the update, they’re actually downloading a malicious file that is capable of stealing passwords and other information. The two malware strains used here are Atomic Stealer, which is the macOS version, and SocGholish, which is the version that targets Windows users.

Atomic Stealer has been classified as an infostealer, which infects computers to steal usernames, passwords, session cookies, crypto wallets and other sensitive data. One of the reasons this particular infostealer is being used in this campaign and others like it is that it employs a malware-as-a-service model, where hackers pay its creators a monthly fee to deploy it in their own attacks. However, in order for it to be successfully installed, the user has to manually run it and bypass Apple’s built-in security, which means they first have to fall for a hacker's tricks.

How to stay safe

First off, never download anything unless you know what it is and why you need to download it. No website should ever require you to download anything in order to view a webpage.

Secondly, always make sure that you keep your browser and your antivirus program up to date with the latest patches and fixes so that your system (be it Mac or PC) is always protected. You want to make sure that you have the best antivirus protection available, just in case any mistakes happen or anything sneaks by you. Some security suites also offer features like a VPN or a hardened browser for extra protection.

Lastly, make sure you protect your personal information by using one of the best password managers to safely create and store all of your credentials. You can also protect your personal information further by signing up for one of the best identity theft protection services like Norton LifeLock, as well as making sure to keep an eye on your credit card reports and other statements on annualcreditreport.com.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
