Thousands of WordPress sites Hosting Infostealers

A recent wave of cyberattacks has targeted over 6,000 WordPress websites, exploiting them to install malicious plugins that push infostealer malware. Attackers have taken advantage of vulnerabilities within WordPress themes and plugins, covertly installing plugins that deliver information-stealing payloads to compromised sites. Once installed, these plugins allow the attackers to steal sensitive data, including login credentials, browser cookies, and even cryptocurrency wallets from visitors.

The attack leverages compromised plugins to deliver malware such as the Raccoon Stealer, which has recently resurfaced with enhanced capabilities. The Raccoon malware has become a favorite among cybercriminals due to its ability to gather extensive personal data from over 60 applications, posing a significant risk to both businesses and individuals. As more data is stolen, threat actors can use the stolen credentials to bypass multi-factor authentication (MFA) and gain unauthorized access to corporate networks, leading to further attacks like ransomware or espionage.

The attackers focus on popular content management systems like WordPress because of their widespread use across various industries, which makes them a lucrative target for malware distribution. By injecting backdoors into legitimate themes and plugins, these adversaries can maintain long-term access to compromised websites, either for their own use or to sell access to other threat actors. This trend highlights the increasing sophistication of cybercrime, where attackers use legitimate-looking software to deliver malicious payloads without raising suspicion.

In response, organizations using WordPress are urged to monitor their environments for signs of compromise, regularly update their plugins, and employ robust security measures, including file integrity monitoring and web application firewalls. For compromised systems, it's essential to replace core WordPress files and to use tools such as YARA rules to detect the webshells installed through these malicious plugins so that they can be removed.
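The file integrity monitoring recommended above can be applied to the plugins directory as in the following added example, which is not code from the original article. It assumes the baseline manifest is taken while the site is known to be clean; the plugin and file names in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(plugins_dir):
    """Map 'plugin/relative/file' -> SHA-256 for every file under plugins_dir."""
    root = Path(plugins_dir)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Compare a trusted baseline with the current state of the plugins tree."""
    known_plugins = {p.split("/", 1)[0] for p in baseline}
    added = sorted(set(current) - set(baseline))
    return {
        # Top-level plugin directories absent from the baseline (covert installs).
        "new_plugins": sorted({p.split("/", 1)[0] for p in added} - known_plugins),
        # New files inside an otherwise known plugin (backdoor candidates).
        "added_files": [p for p in added if p.split("/", 1)[0] in known_plugins],
        "modified_files": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "removed_files": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed sample tree; plugin and file names are made up for the demo."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "wp-content" / "plugins"
        (plugins / "contact-form").mkdir(parents=True)
        (plugins / "contact-form" / "main.php").write_text("<?php // v1\n")
        (plugins / "contact-form" / "readme.txt").write_text("readme\n")
        baseline = build_manifest(plugins)  # taken while the site is known-good

        # Simulate the changes a monitor should flag.
        (plugins / "contact-form" / "main.php").write_text("<?php // v1 changed\n")
        (plugins / "contact-form" / "cache.php").write_text("<?php // unexpected\n")
        (plugins / "unknown-plugin").mkdir()
        (plugins / "unknown-plugin" / "index.php").write_text("<?php // unexpected\n")
        return diff_manifests(baseline, build_manifest(plugins))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items}")
```

Store the baseline manifest outside the web root, and rebuild it only after a reviewed plugin update, so that a compromised site cannot rewrite its own reference hashes.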

The growing frequency and impact of such attacks on widely used platforms like WordPress demonstrate a need for vigilant patch management and proactive defenses, particularly as threat actors refine their methods to exploit vulnerabilities in common software.

WordPress is one of the most attacked CMS because it is so popular. At Breachunt, we know all about the scourge of infostealers! We track them down before they strip you of your data! #dataprotection #BreacHunt

Garrison Butler

Senior Partnerships Manager

1 month

Very helpful
