A malicious campaign targeting Windows users through WordPress websites is deploying the LummaStealer trojan. Attackers use fake Cloudflare verification prompts to trick users into running malicious PowerShell commands. The infection is spread through compromised plugins or injected JavaScript in legitimate files. Victims are directed to execute commands that download and install the LummaStealer malware, which can steal sensitive data like login credentials and cryptocurrency information. The attackers also create hidden admin users in infected WordPress sites for persistence. Multiple variants of this attack have been observed, with some using URL shortening services to obfuscate malicious links. Website owners are advised to keep software updated, use strong passwords, and implement 2FA to mitigate risks.