The lures impersonate WordPress’ security team
Proofpoint Threat Intelligence Services (PTIS) has identified a malware delivery phishing campaign
impersonating the WordPress security team.
The lures used in this campaign impersonate an alert from the WordPress
security team regarding a critical security flaw in WordPress. The lure directs
recipients to click a shortened Bitly link to download a WordPress plugin allegedly
fixing the security flaw.
Clicking the link leads to a lookalike WordPress[.]org page prompting recipients to install a “Security Update
Plugin.” Installing the plugin leads to attackers gaining full administrative access over the recipient’s WordPress site.