SlowMist: Beware of watering hole attacks launched by malicious attackers using WordPress plugin vulnerabilities

Odaily News According to SlowMist monitoring, attackers have recently used WordPress plugin vulnerabilities to attack normal sites, and then injected malicious js code into the sites to launch watering hole attacks. When users visit the sites, malicious pop-ups pop up to trick users into executing malicious code or signing Web3 wallets, thereby stealing users' assets. SlowMist recommends that sites that use WordPress plugins pay attention to checking for vulnerabilities and updating plugins in a timely manner to avoid being attacked; when users visit any site, they should carefully identify the downloaded programs and the content of the Web3 signature to avoid downloading malicious programs or authorizing malicious signatures that may lead to asset theft.