Malware & Ransomware · Severity: HIGH

Malicious WordPress Sites Spread Stealer Malware Globally

Source: Rapid7 Blog
Tags: WordPress, malware, infostealer, ClickFix, Rapid7

Basically, hackers are using trusted websites to spread malware that steals your information.

Quick Summary

A wave of compromised WordPress sites is spreading malware globally. Over 250 trusted websites have been infected, putting user data at risk. Stay vigilant and ensure your online security measures are updated.

What Happened

Imagine visiting a trusted website, only to find it has been hijacked by hackers. This is exactly what's happening with over 250 legitimate WordPress sites that have been compromised to spread malware. Rapid7 Labs uncovered a campaign where an unidentified threat actor is injecting a fake Cloudflare human verification challenge, known as ClickFix, to trick users into downloading malware. Once infected, the malware can steal sensitive information like passwords and digital wallet details from Windows systems.

This malware campaign has been active since December 2025, but its infrastructure dates back even further. The infected sites span at least 12 countries, including the US, UK, Germany, and India. Some of these sites are even regional news outlets or official pages of political candidates. This makes the threat particularly dangerous because users are more likely to trust these sites, thinking they are safe to visit.

Why Should You Care

You might think that only shady websites pose a risk, but this incident shows that even trusted sites can be compromised. If you visit one of these infected sites, you could unknowingly download malware that steals your credentials. Think of it like getting a virus from a seemingly healthy apple; it looks good on the outside, but inside, it’s rotten.

This is not just a problem for individuals; organizations can also be targeted. If hackers steal your company's credentials, they could access sensitive data or conduct financial theft. Staying vigilant online is crucial, especially when browsing sites that seem trustworthy. Always question the legitimacy of what you see online.

What's Being Done

Rapid7 is actively monitoring this situation and has published a detailed analysis of the malware infection chain. They have also released a list of Indicators of Compromise (IoCs) and detection rules to help organizations defend against this threat. Here are some immediate actions to consider:

  • Check if your website is on the list of compromised sites.
  • Update your security measures to detect and block this malware.
  • Educate your team about the risks of visiting seemingly safe websites.

Experts are keeping an eye on how this campaign evolves and whether more websites will be targeted. The key takeaway is to stay informed and proactive about your online safety.


🔒 Pro insight: The use of trusted domains for malware distribution highlights a significant shift in threat actor tactics, necessitating enhanced vigilance in web security measures.

Original article from

Rapid7 Blog · Milan Spinka

