The reported phishing scam involving the fake CVE-2023-45124 targets WordPress users. It is delivered through phishing emails that falsely claim to come from the WordPress team. These emails warn of a non-existent Remote Code Execution (RCE) vulnerability on the user's WordPress site, identified as CVE-2023-45124. CVE-2023-45124 is not a valid Common Vulnerabilities and Exposures (CVE) identifier.
Victims are prompted to download and install a "Patch" plugin, supposedly to fix this fabricated vulnerability. The download link leads to a fake but convincing site, and the purpose of the deception is to trick users into installing malware on their own websites. Ironically, the phishing message itself warns about data theft, while the actual intent of the scam is to introduce malware into the users' WordPress sites.
This sophisticated email campaign uses fake WordPress security advisories to compromise website security. Security experts from Wordfence and PatchStack have intercepted and reported the campaign to raise awareness of this specific threat among WordPress users.
IoC
DOMAIN
- en-gb-wordpress.org
SHA256
- ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809
CVE
- CVE-2023-45124
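A triage check for mailbox exports built on the domain and fake CVE listed above. This is an added example, not code from the cited reports; the sample messages, sender addresses and function names are constructed for illustration, and the SHA256 indicator is not covered here.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

IOC_DOMAIN = "en-gb-wordpress.org"   # from the IoC list on this page
FAKE_CVE = "CVE-2023-45124"          # from the IoC list on this page
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages (sender addresses and wording are made up).
SAMPLE_PHISH = """\
From: WordPress Security <security@example.invalid>
Subject: Action required: CVE-2023-45124

A Remote Code Execution vulnerability was found on your site.
Download the Patch plugin: https://en-gb-wordpress.org/
"""
SAMPLE_BENIGN = """\
From: Newsletter <news@example.invalid>
Subject: WordPress release notes

Read the announcement at https://wordpress.org/news/
"""

def host_matches(host, ioc=IOC_DOMAIN):
    """True for the IoC domain or a subdomain of it, never a mere substring."""
    host = (host or "").lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)

def triage_email(raw):
    """Return findings for one RFC 5322 message supplied as text."""
    msg = message_from_string(raw, policy=default)
    texts = [str(msg.get("Subject", ""))]
    for part in msg.walk():              # covers plain and HTML alternatives
        if part.get_content_maintype() == "text":
            texts.append(part.get_content())
    body = "\n".join(texts)
    findings = []
    if FAKE_CVE.lower() in body.lower():
        findings.append("mentions " + FAKE_CVE)
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:               # malformed URL, e.g. bad IPv6 literal
            continue
        if host_matches(host):
            findings.append("link to " + IOC_DOMAIN)
            break
    return findings
```

Matching on the parsed hostname rather than a substring keeps unrelated hosts that merely contain the indicator string from being flagged.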
REFERENCES
- https://www.bitdefender.com/blog/hotforsecurity/fake-wordpress-security-advisory-used-to-deploy-malware-and-backdoor/
- https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
- https://malware.news/t/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/76246
- https://sensorstechforum.com/cve-2023-45124-fake-wordpress-advisory/
- https://otx.alienvault.com/pulse/656f2ee901a8cdd523b08cb8
TAGS
wordpress, wordfence, phishing scam, backdoor plugin, terminal, twitter