Hackers Using Fake Error Messages on Hacked Websites to Install Malware

A new malware campaign called Lorem Ipsum is targeting visitors to hacked WordPress websites. When you visit one of these compromised sites, you might see what looks like an error message or security warning. If you follow the instructions in this fake message, you will unknowingly install malware on your computer.

Security researchers believe this campaign may be linked to Vice Society, a group known for ransomware attacks and stealing data. Anyone who visits a hacked WordPress website could be affected. WordPress powers millions of websites, including blogs, small business sites, and news outlets.

You cannot tell just by looking whether a site has been compromised. The fake messages often look convincing and may appear to be from legitimate companies like Microsoft or Google. Once installed, this malware can steal your passwords, monitor your activity, or give hackers control of your computer.

1. Run a full scan with your antivirus software. Make sure it is updated first.
2. Change passwords for your important accounts, especially banking, email, and social media.
3. Watch your bank and credit card statements closely for unauthorized charges.
4. If you do not have antivirus software installed, get a reputable program right away and scan your device. Going forward, be skeptical of any pop-up messages that appear while browsing websites. Legitimate error messages from your computer or browser look different from messages that appear on a webpage. Never download software or follow troubleshooting steps from a pop-up unless you are absolutely certain it is legitimate. When in doubt, close the browser window completely and visit the site again. Keep your antivirus software running and updated at all times.