Thousands of WordPress sites have been hijacked to distribute info-stealing malware, according to security researchers at cybersecurity company c/side. By exploiting outdated versions of WordPress sites and plug-ins, hackers have taken over and then used these vulnerable sites to trick visitors into downloading and installing malware which is then used to steal personal information.
Due to its sheer scope and size, the campaign is being described as a “spray and pay” style attack wherein it aims to compromise anyone who visits one of these compromised sites rather than targeting anyone specifically. When victims visit any one of the more than 10,000 sites that c/side has identified as compromised by the malware, it quickly changes its content to a fake Chrome browser page.
How to stay safe
First off, never download anything unless you know what it is and why you need to download it. No website should ever require you to download anything in order to view a webpage.
Secondly, always make sure that you keep your browser and your antivirus program up to date with the latest patches and fixes so that your system (be it Mac or PC) is always protected. You want to make sure that you have the best antivirus protection available, just in case any mistakes happen or anything sneaks by you. Some security suites also offer features like a VPN or a hardened browser as well for extra protection.
Lastly, make sure you protect your personal information by using one of the best password managers to safely create and store all of your credentials. You can also protect your personal information further by signing up for one of the best identity theft protections services like Norton LifeLock as well as making sure to keep an eye on your credit card reports and other statements on annualcreditreport.com.
More from Tom's Guide
- TikTok, Google, Amazon, Apple – which is worst for data privacy?
- Is DeepSeek safe to use?
- Microsoft Edge will soon protect you from these scary scams that even Chrome can't
