TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

Compromised WordPress Sites Deliver ClickFix Attacks in Global Infostealer Campaign

2026-03-11 · Read original ↗

ATT&CK techniques detected

5 predictions
T1204.004Malicious Copy and Paste
78%
"many websites. however, in this scenario the captcha page is a convincing fake, designed to begin the infection process. fake captcha and clickfix attacks for social engineering the attackers deploy clickfix, a social engineering technique which uses dialogue boxes containing fak…"
T1566.002Spearphishing Link
59%
"compromised wordpress sites deliver clickfix attacks in global infostealer campaign a widespread cyber - criminal campaign has compromised legitimate wordpress websites to infect visitors with infostealer malware, threat researchers at rapid 7 have warned. the global operation ha…"
T1566.002Spearphishing Link
52%
"many websites. however, in this scenario the captcha page is a convincing fake, designed to begin the infection process. fake captcha and clickfix attacks for social engineering the attackers deploy clickfix, a social engineering technique which uses dialogue boxes containing fak…"
T1204.001Malicious Link
39%
"many websites. however, in this scenario the captcha page is a convincing fake, designed to begin the infection process. fake captcha and clickfix attacks for social engineering the attackers deploy clickfix, a social engineering technique which uses dialogue boxes containing fak…"
T1204.004Malicious Copy and Paste
36%
"compromised wordpress sites deliver clickfix attacks in global infostealer campaign a widespread cyber - criminal campaign has compromised legitimate wordpress websites to infect visitors with infostealer malware, threat researchers at rapid 7 have warned. the global operation ha…"

Summary

Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers