{
  "name": "Fake Browser Updates Targeting WordPress Administrators via Malicious Plugin",
  "slug": "fake-browser-updates-targeting-wordpress-administrators-via-malicious-plugin",
  "description": "A malicious WordPress plugin named 'Modern Recent Posts' has been discovered, targeting administrators with fake browser update pop-ups. The plugin injects malicious JavaScript from an external domain, only affecting logged-in administrators on Windows machines. The campaign uses social engineering tactics to trick users into downloading potential malware. The plugin includes persistence mechanisms and can self-update. This sophisticated attack demonstrates a focused approach on high-value targets, leveraging trust in security updates to compromise local machines. The malware's stealthy nature and targeted delivery system make it particularly dangerous for WordPress site owners.",
  "published": "2026-01-08T10:41:04+00:00",
  "created_at": "2026-01-08T10:41:04+00:00",
  "modified_at": "2026-01-08T11:44:55+00:00",
  "created_at_opencti": "2026-01-08T10:41:04+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-08",
    "browser updates",
    "malicious javascript",
    "persistence",
    "social engineering"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://persistancejs.store/jsplug/plugin.php"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:4d199fddd541db74",
        "name": "Modern Recent Posts",
        "slug": "modern-recent-posts"
      }
    ]
  },
  "external_refs": [
    "https://blog.sucuri.net/2026/01/fake-browser-updates-targeting-wordpress-administrators-via-malicious-plugin.html",
    "https://otx.alienvault.com/pulse/695f97d0de7c4d61dff4485b"
  ]
}