In a new campaign, malicious actors are using fake browser updates to infect sites with malware. They are using WordPress plug-ins to deliver the malware, infecting websites with info stealing payloads. To access these sites, they are using stolen credentials to log in. A new variant of the malware is being disguised as a fake browser update, known as ClickFix. Between September 2nd and 3rd, the malware infected over 6,000 WordPress sites. These plugins are made to seem legitimate to users, but have malicious scripts embedded in them. ClickFix uses generic names such as “Advanced User Manager” and “Quick Cache Cleaner” to trick users. Researchers are not yet sure on how these attackers are acquiring WordPress login credentials to initiate the campaign. It is possible that they are using brute-force attacks or phishing campaigns. 

Read more: https://www.darkreading.com/endpoint-security/swarms-fake-wordpress-plug-ins-infect-sites-infostealers