ClickFix Malware Targets Google Chrome and Facebook via Fake Error Messages, Compromises 25,000 Sites Worldwide
October 23, 2024
Users are encouraged to follow best practices for password protection and avoid interacting with unknown websites requesting personal credentials.
GoDaddy's principal security engineer confirmed that the ClickFix malware attack is not related to any known vulnerabilities in WordPress.
ClickFix has gained traction by targeting popular platforms like Google Chrome, Google Meet, and Facebook with fake error banners.
In 2024, a new malware campaign called ClickFix emerged, masquerading as software error messages that lead to harmful PowerShell script installations.
The campaign is executed by threat actors who exploit stolen WordPress admin credentials to compromise websites.
Since August 2023, GoDaddy has been monitoring the ClickFix campaign, identifying it on over 25,000 compromised sites globally.
This campaign is linked to another called ClearFake, which began in 2023 and involves fake web browser update banners that lead to information-stealing malware.
Malicious plugins used in ClickFix often mimic reputable ones, using names like 'Wordfense Security' and 'LiteSpeed Cache' to avoid detection.
These plugins frequently employ generic names and misleading metadata, appearing harmless to website administrators.
When activated, these plugins inject malicious JavaScript into the site's HTML, loading further harmful scripts from a Binance Smart Chain smart contract.
The injected scripts display popups prompting users to take actions that lead to the installation of infostealers.
WordPress site administrators are advised to check for unknown plugins and reset admin passwords if they encounter fake alerts.
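The check for unknown plugins can be scripted. This is an added example, not code from GoDaddy or any of the cited reports: it reads each plugin's `Plugin Name:` header and flags directories missing from an inventory of plugins the administrator installed, ranking higher those whose name copies or nearly copies an approved one. The `approved` inventory, the 0.85 similarity threshold and all directory names in the sample are assumptions constructed for illustration.

```python
import difflib
import re
import tempfile
from pathlib import Path

# WordPress recognises a plugin by a "Plugin Name:" header comment near the top of a PHP file.
HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def plugin_names(plugins_dir):
    """Map each plugin directory (slug) to the Plugin Name header it declares."""
    found = {}
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        m = HEADER.search(php.read_bytes()[:8192])
        if m:
            found.setdefault(php.parent.name, m.group(1).decode("utf-8", "replace").strip())
    return found

def audit(plugins_dir, approved, threshold=0.85):
    """Flag plugins whose slug is not in `approved` (slug -> name inventory)."""
    findings = []
    for slug, name in plugin_names(plugins_dir).items():
        if slug in approved:
            continue
        # Unknown slug: does its display name copy or nearly copy an approved plugin?
        score, twin = max(
            ((difflib.SequenceMatcher(None, name.lower(), a.lower()).ratio(), a)
             for a in approved.values()),
            default=(0.0, ""))
        reason = f"imitates '{twin}'" if score >= threshold else "unknown plugin"
        findings.append((slug, name, reason))
    return findings

def demo():
    sample = {  # constructed tree: "slug/file" -> declared Plugin Name
        "wordfence/wordfence.php": "Wordfence Security",
        "litespeed-cache/litespeed-cache.php": "LiteSpeed Cache",
        "example-fake-a/index.php": "Wordfense Security",
        "example-fake-b/index.php": "LiteSpeed Cache",
        "hello-widgets/hello.php": "Hello Widgets",
    }
    approved = {"wordfence": "Wordfence Security", "litespeed-cache": "LiteSpeed Cache"}
    with tempfile.TemporaryDirectory() as root:
        for rel, name in sample.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True)
            path.write_text(f"<?php\n/*\n * Plugin Name: {name}\n */\n")
        return audit(root, approved)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, point `audit` at `wp-content/plugins` and build `approved` from a known-good record of what was installed, not from the live site itself.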
Summary based on 5 sources
Sources
TechRadar pro • Oct 22, 2024
Thousands of WordPress websites hacked via plugin looking to steal user data
BleepingComputer • Oct 21, 2024
Over 6,000 WordPress hacked to install plugins pushing infostealers
Dark Reading • Oct 22, 2024
Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers
Slashdot • Oct 22, 2024
Over 6,000 WordPress Hacked To Install Plugins Pushing Infostealers - Slashdot