Online attackers are using dangerous malware to avoid all the security checks to steal victims’ personal details through a Paypal phishing scam. Know how dangerous this phishing attack is.
Cybersecurity researchers have discovered a new phishing attack that deploys a dangerous malware to attack WordPress sites. The report mentions that this identity theft affected more than 42 million victims in 2021. This makes a total loss of around $52 billion!A team of Akamai researchers have discovered this new malware that is being used by cybercriminals to execute a comprehensive PayPal phishing scam. This phishing attack forces victims to hand over their most sensitive information such as government documents, photos, and even banking information as well as email addresses to the attackers.
Researchers say that the attackers use a file management WordPress plug-in to start the phishing attack. “The threat actor brute forces into existing, non-malicious WordPress sites and injects their Phishing kit into them as a way of maintaining evasion,” the blog post by Akamai mentioned. This includes several security checks on the connected IP addresses to escape the detection from the malicious domains. Not just that, it also allows the online fraudsters to rewrite URLs of the website without the .php at the end. This helps them to make it look more realistic just like the genuine addresses.
Once the malware is on the…
