Useful information
Prime News delivers timely, accurate news and insights on global events, politics, business, and technology
Hackers are exploiting outdated versions of WordPress and plugins to alter thousands of websites in an attempt to trick visitors into downloading and installing malware, according to security researchers.
The hacking campaign is still “very live,” Simon Wijckmans, founder and CEO of web security company C/Side, which discovered the attacks, told TechCrunch on Tuesday.
The hackers' goal is to spread malware capable of stealing passwords and other personal information from Windows and Mac users. According to C/Side, some of the hacked websites rank among the most popular sites on the internet.
“This is a generalized and very marketed attack,” Himanshu Anand, who wrote up the company’s findings, told TechCrunch. Anand said the campaign is a “spray and pay” attack that aims to compromise anyone who visits these websites rather than targeting a specific person or group of people.
When the hacked WordPress sites load in a user’s browser, the content quickly changes to show a fake Chrome browser update page, asking the visitor to download and install an update in order to view the website, the researchers found. If a visitor accepts the update, the hacked website prompts the visitor to download a specific malicious file disguised as the update, depending on whether the visitor is on a Windows PC or a Mac.
Wijckmans said they alerted Automattic, the company that develops and distributes WordPress, about the hacking campaign and sent it the list of malicious domains, and that their contact at the company acknowledged receipt of their email.
When contacted by TechCrunch before publication, Megan Fox, an Automattic spokeswoman, did not comment.
C/Side said it identified more than 10,000 websites that appear to have been compromised as part of this hacking campaign. Wijckmans said the company detected malicious scripts on several domains by crawling the internet and performing a reverse DNS lookup, a technique to find domains and websites associated with a certain IP address, which revealed more domains hosting malicious scripts.
TechCrunch could not confirm the accuracy of C/Side's figures, but we saw one hacked WordPress website that was still showing the malicious content on Tuesday.
The two types of malware being pushed on the malicious websites are known as Amos (or Atomic Stealer), which targets macOS users, and SocGholish, which targets Windows users.
In May 2023, cybersecurity firm SentinelOne published a report on Amos, classifying the malware as an infostealer, a type of malware designed to infect computers and steal usernames and passwords, session cookies, and cryptocurrency wallets. Cybersecurity firm Cyble reported at the time that it had discovered hackers selling access to the Amos malware on Telegram.
Patrick Wardle, a macOS security expert and co-founder of an Apple-focused cybersecurity startup, told TechCrunch that Amos is “the most prolific robber in macOS”, and that it was created under the malware-as-a-service business model, meaning the malware's developers and owners sell it to the hackers who then deploy it.
Wardle also pointed out that for someone to successfully install the malicious file that C/Side found, “the user still has to execute it manually and jump through many hoops to avoid the incorporated security of Apple.”
While this may not be the most advanced hacking campaign, since the hackers rely on their targets falling for the fake update page and then installing the malware, it is a good reminder to update your Chrome browser through its built-in software update feature and to install only trusted applications on your personal devices.
Password-stealing malware and credential theft have been blamed for some of the biggest hacks and data breaches in history. In 2024, hackers mass-raided the accounts of corporate giants that hosted their sensitive data with cloud computing giant Snowflake, using passwords stolen from the computers of employees of Snowflake customers.