Thousands of WordPress Sites Hacked to Spread Malware, Steal Passwords

Taylor Brooks

January 29, 2025

A widespread hacking campaign is currently targeting thousands of WordPress websites, exploiting outdated versions and plugins to spread malware capable of stealing passwords and other personal information from both Windows and Mac users.

According to security researchers at c/side, the hacking campaign is "very much live" and has already compromised over 10,000 websites, including some of the most popular sites on the internet. The hackers' goal is to trick visitors into downloading and installing malware, which can then be used to steal sensitive data.

The attack works by altering the content of hacked WordPress sites to display a fake Chrome browser update page that asks visitors to download and install an update in order to view the website. If a visitor accepts, the hacked website prompts them to download a malicious file masquerading as the update; which file is served depends on whether they are using a Windows PC or a Mac.

The two types of malware being pushed on the malicious websites are Amos (or Amos Atomic Stealer), which targets macOS users, and SocGholish, which targets Windows users. Amos is a type of infostealer malware designed to infect computers and steal usernames, passwords, session cookies, crypto wallets, and other sensitive data.

Cybersecurity experts have warned that password-stealing malware and the theft of credentials have been blamed for some of the biggest hacks and data breaches in history. In 2024, hackers mass-raided the accounts of corporate giants who hosted their sensitive data with cloud computing giant Snowflake by using passwords stolen from the computers of employees of Snowflake's customers.

c/side alerted Automattic, the company that develops and distributes WordPress, about the hacking campaign and sent them the list of malicious domains. However, when reached by TechCrunch prior to publication, Automattic's spokesperson, Megan Fox, did not comment.

Security experts recommend updating Chrome through its built-in software update feature and installing only trusted apps on personal devices to avoid falling victim to such attacks. Additionally, it is essential to keep WordPress versions and plugins up to date to prevent exploitation by hackers.

The hacking campaign serves as a reminder of the importance of cybersecurity and the need for individuals and organizations to take proactive measures to protect themselves from such attacks. As the campaign is still active, it is crucial for website owners and users to remain vigilant and take necessary precautions to avoid being compromised.

Copyright © 2024 Starfolk. All rights reserved.