A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache plugin for WordPress. The malware injects code into critical WordPress files or the database, creating unauthorized admin users like 'wpsupp-user.' It exploits the vulnerability in LiteSpeed Cache before version 5.7.0.1, allowing attackers to inject malicious scripts. The malware is often associated with URLs like 'https://dns.startservicefounds.com/service/f.php' and IPs like 45.150.67.235 or 94.102.51.144. Website owners should review installed plugins, update them, and search for suspicious code or users.