Fake Java Update Popup Found in Malicious WordPress Plugin

We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is a common tactic used by attackers to compromise website visitors. Our investigation revealed a malicious plugin operating stealthily within their WordPress environment.

What Did We Find?

A plugin installed in the /wp-content/plugins/contact-form/ directory, posed as “Yoast SEO”, complete with fake metadata to mislead site owners. However, it served a completely different purpose.

Continue reading Fake Java Update Popup Found in Malicious WordPress Plugin at Sucuri Blog.