February 6, 2025
Major WordPress Security Breach: Over 10,000 Websites Show Fake Update Banner

Cybersecurity specialists have discovered a new and widespread WordPress security breach. Hackers found a vulnerability in older WordPress versions and exploited it to install malware on the affected sites.
The malware causes the website to display a pop-up banner telling users to update their browser to continue navigating the site. When they click on the banner, users actually install infostealer malware.
What Websites Are Affected by the Cybersecurity Threat in WordPress?
So far, specialists have determined that all compromised WordPress sites are running the outdated 6.7.1 version. This version contains a plugin which is vulnerable to this specific malware.
The current WordPress version, 6.7, was launched in November 2024 and is not vulnerable to this particular cyber threat.
Also, once they penetrate the site, the hackers will leave a backdoor to regain access to it and install other types of malicious software.
How Does the WordPress Security Breach Affect Users?
When a user reaches the compromised site, they will immediately see a banner overlaying the page. The banner warns them that they must update their browser if they want to continue browsing.
When they click on the banner, users download and install infostealer malware:
- Atomic (or AMOS) for macOS
- SocGholish for Windows.
Thus, through the browser update scam, hackers can get access to all the files stored on the device infected with the infostealer, as well as other sensitive data:
- Passwords stored in the browser
- Session cookies
- Cryptocurrency wallet information.
How to Prevent and Remove the Fake Update Page Malware
Website administrators should update WordPress as soon as a new version is available. Also, you should go through all the plugins and add-ons and update them. Always uninstall plugins that do not receive regular updates.
Moreover, to make your website load faster, keep only the plugins that are strictly necessary. Anything extra is code bloat and slows down your website.
If your site is already affected by the WordPress security breach, perform the update and then look through all the code of the site. Find and remove all malicious scripts. As explained earlier in the article, hackers not only install the infostealer malware, but also a backdoor to gain access to your site at a later date.
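One way to start the search for malicious scripts is to check what your pages actually serve to visitors. The following is an added example, not code from the original article: it lists every host that serves a script on a saved page and flags those that are neither your own site nor on an allowlist you maintain. The function names, the sample page and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def unexpected_script_hosts(html, site_host, allowed_hosts):
    """Return sorted hosts serving scripts that are neither the site nor allowlisted."""
    collector = ScriptCollector()
    collector.feed(html)
    trusted = {site_host.lower()} | {h.lower() for h in allowed_hosts}
    found = set()
    for src in collector.sources:
        # Relative URLs have no hostname and are treated as same-site.
        host = (urlparse(src).hostname or "").lower()
        if host and host not in trusted:
            found.add(host)
    return sorted(found)

# Constructed sample page: hosts are placeholders, not indicators from the article.
SAMPLE_PAGE = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.allowed.example/analytics.js"></script>
<script src="//unknown-host.example/update-banner.js"></script>
</head><body><p>Hello</p></body></html>
"""

if __name__ == "__main__":
    hits = unexpected_script_hosts(SAMPLE_PAGE, "blog.example", {"cdn.allowed.example"})
    for host in hits:
        print("review script host:", host)
```

A flagged host is only a lead for manual review. Scripts injected inline or into same-site files will not show up in this check, so the site's files still need to be inspected.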
Let CyberFlow Protect Your Site and Data from Hackers!
Prevention is always better than fixing a problem. In this case, using airtight cybersecurity solutions and the best practices in keeping your systems up to date is the solution.
The team of cybersecurity specialists at CyberFlow know how to protect your site from the current WordPress security breach and many other threats. Contact us today to benefit from the best defence from cyber threats!