More than 300 WordPress websites have been targeted by malicious Google Chrome update pop-ups. These pop-ups redirect website visitors to fake MSIX installers, leading to the deployment of information-stealing programs and remote access trojans.
The attack chain involves threat actors gaining unauthorized access to the WordPress admin interface and installing a legitimate WordPress plugin called “Hustle – Email Marketing, Lead Generation, Optins, Popups” to upload code responsible for displaying the fake browser update pop-ups.