10,000 WordPress Sites Hacked To Spread Malware - 1

Image by WebFactory Ltd, from Unsplash

10,000 WordPress Sites Hacked To Spread Malware

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Over 10,000 WordPress websites have been hacked to distribute malware targeting both Windows and macOS users, security researchers at c/side revealed this week.

In a Rush? Here are the Quick Facts!

  • Attackers target outdated WordPress plugins to inject malicious JavaScript.
  • Malware includes AMOS for macOS and SocGholish for Windows.
  • Fake Google Chrome update prompts trick users into downloading malware.

Attackers injected malicious JavaScript into outdated WordPress sites, tricking visitors into downloading fake browser updates that install harmful software.

The cybercriminals behind this campaign injected malicious JavaScript into vulnerable WordPress sites. When a visitor lands on an infected page, their browser loads a fake update prompt inside an invisible frame. If a user downloads and installs the supposed update, they unknowingly infect their device with malware.

This method marks a shift from previous tactics, as it is the first known instance of AMOS and SocGholish being delivered through a client-side attack. Instead of redirecting users to a separate malicious site, the malware is injected directly into their browser session.

The AMOS malware is designed to steal sensitive data from Mac users, including passwords, credit card information, and cryptocurrency wallets. It is sold on hacker forums and Telegram channels, making it easily accessible to cybercriminals.

SocGholish, which targets Windows users, is often used to install additional malware, such as ransomware or keyloggers, by disguising itself as a legitimate software update.

The hackers likely gained access to these WordPress sites by exploiting outdated plugins and themes. Since many websites do not have active monitoring for client-side attacks, the malicious scripts went undetected for an extended period.

Security experts identified several suspicious domains involved in the attack, including blackshelter[.]org and blacksaltys[.]com, which redirected users to malware-hosting sites. The malicious script was also found on a widely used content delivery network, making detection more difficult.

To stay safe, website owners are urged to update their WordPress installations and plugins, check for unusual scripts, and remove any suspicious files. Users who may have downloaded files from infected sites should run a full system scan and check their devices for malware.

The campaign highlights the growing threats posed by cybercriminals exploiting website vulnerabilities to infect users with malware. Security researchers are continuing to monitor the attack and warn that more compromised websites may still be spreading the infection.

Microsoft And Perplexity Integrate DeepSeek AI Into Their Platforms - 2

Photo by Windows on Unsplash

Microsoft And Perplexity Integrate DeepSeek AI Into Their Platforms

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Microsoft and Perplexity have integrated the Chinese startup DeepSeek’s AI model into their platforms. Perplexity is using DeepSeek’s latest R1 model in its search platform, and Microsoft is using it on its Azure AI Foundry platform.

In a Rush? Here are the Quick Facts!

  • Perplexity integrated DeepSeek’s R1 model into its search platform and has been expanding query limits for users.
  • Microsoft added DeepSeek R1 on Azure AI Foundry and GitHub.
  • Both companies promised to enhance integrations and expand DeepSeek features.

Not long after Perplexity’s CEO Aravind Srinivas congratulated DeepSeek for reaching first place on Apple’s App Store in the United States on the social media platform X this Monday, Perplexity made major updates adopting the Chinese open-source AI model.

Perplexity announced a few hours later that Pro level users could access DeepSeek’s R1 model through their platform, offering an “uncensored” version—as many users have revealed that the Chinese model avoids responses that could affect the Chinese government, including historical events—and with data hosted in the United States.

Throughout the week, the American startup has been updating its mobile applications to include DeepSeek’s technology and expanding the limits of use, including a few queries for free users.

Also we’re going to buy more capacity to keep serving DeepSeek R1 in American data centers! Those shorting NVDA are shortsighted. The proliferation of search agents and assistants that can reason has just begun! 🇺🇸 — Aravind Srinivas (@AravSrinivas) January 27, 2025

Microsoft has also joined the DeepSeek inclusion movement—despite currently investigating whether the Chinese company accessed its partner OpenAI’s technology without permission—and has added DeepSeek R1 to Azure AI Foundry today.

“DeepSeek R1 is now available in the model catalog on Azure AI Foundry and GitHub, joining a diverse portfolio of over 1,800 models, including frontier, open-source, industry-specific, and task-based AI models,” wrote Asha Sharma, Corporate Vice President for Microsoft’s AI Platform in the official announcement . “As part of Azure AI Foundry, DeepSeek R1 is accessible on a trusted, scalable, and enterprise-ready platform, enabling businesses to seamlessly integrate advanced AI while meeting SLAs, security, and responsible AI commitments—all backed by Microsoft’s reliability and innovation.”

Microsoft added that customers will soon be able to use lighter versions of the DeepSeek R1 model on their Copilot+ PCs without needing an internet connection.