Global Infostealer Campaign Exploits Compromised WordPress Sites
Summary
Hide ▲
Show ▼
A widespread cybercriminal campaign has compromised over 250 legitimate WordPress websites across 12 countries to deliver infostealer malware. The attackers exploit user trust in these sites to infect visitors with malware such as Vidar Stealer, Impure Stealer, Vodka Stealer, and Double Donut. The campaign, active since December 2025, uses fake Cloudflare Captcha pages and ClickFix social engineering techniques to trick users into running malicious code, ultimately stealing sensitive data including login credentials and financial information.
Timeline
-
11.03.2026 16:45 1 articles · 2h ago
Compromised WordPress Sites Used in Global Infostealer Campaign
A widespread cybercriminal campaign has compromised over 250 WordPress sites across 12 countries to deliver infostealer malware. The campaign, active since December 2025, uses fake Cloudflare Captcha pages and ClickFix social engineering techniques to infect visitors with malware such as Vidar Stealer, Impure Stealer, Vodka Stealer, and Double Donut. The goal is to steal sensitive data, including login credentials and financial information.
Show sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45
Information Snippets
-
Over 250 WordPress sites, including regional news publications and a US Senate candidate’s official webpage, have been compromised.
First reported: 11.03.2026 16:451 source, 1 articleShow sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45
-
The campaign impacts sites in Australia, Brazil, Canada, Czechia, Germany, India, Israel, Singapore, Slovakia, Switzerland, the UK, and the US.
First reported: 11.03.2026 16:451 source, 1 articleShow sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45
-
The attackers use fake Cloudflare Captcha pages to initiate the infection process, tricking users into running malicious code via the Windows Run command.
First reported: 11.03.2026 16:451 source, 1 articleShow sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45
-
Infostealer malware payloads observed include Vidar Stealer, Impure Stealer, Vodka Stealer, and Double Donut.
First reported: 11.03.2026 16:451 source, 1 articleShow sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45
-
The campaign has been active since December 2025, suggesting a high level of automation and organization.
First reported: 11.03.2026 16:451 source, 1 articleShow sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45
-
Rapid7 has notified US authorities about the compromise of a US Senate candidate’s official webpage.
First reported: 11.03.2026 16:451 source, 1 articleShow sources
- Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign — www.infosecurity-magazine.com — 11.03.2026 16:45