May 2025 - Ophtek

Fake Security Plugin Targets WordPress Sites

click fraud, malware, Ophtek, security tools, trusted plugins, update regularly, WordPressclick fraud, malware, Ophtek, Plugins, security, updates, wordpressOphtek, LLC

May 2025

A new malware attack is targeting WordPress websites by disguising itself as a security plugin, giving hackers full control over compromised sites.

Thousands of WordPress websites are at risk after a malware campaign was discovered which uses fake security plugins to hijack admin access. These plugins appear, at first glance, to be legitimate, tricking users into installing them. The reward for installing these plugins, the malware claims, is the promise of enhanced website security. However, once installed, the plugin gives hackers full administrative control. This allows the attackers to run malicious code and embed harmful content into the site for their own gain.

With over 810 million WordPress websites online, it makes sense for threat actors to target such a large audience. With so many websites at risk, we decided to take a closer look at this alarming threat so that we could help you keep your own website safe.

WordPress Security Plugin Turns Rogue

The attack is part of a growing trend where cybercriminals exploit trust in popular platforms like WordPress to spread malware through plugins, themes, and outdated software. The malware not only affects site functionality but can also steal user data, serve malicious ads, and damage the website’s reputation in the search engine results page ranking.

Cybersecurity researchers have found that the malicious plugin is being uploaded directly to WordPress installations. This file disguises itself as a genuine security feature in order to deceive victims. However, once installed, it quietly opens a backdoor which grants the attackers full administrative access to the site.

Unfortunately for the internet, hackers are as innovative as they are deceptive, and the malware showcased in this attack uses several techniques to avoid detection. Firstly, it hides itself from the WordPress dashboard, so website admins don’t see it listed alongside any other plugins they use. It also modifies key files in the website setup to make sure that the malware is reinstalled even if a legitimate admin manages to delete it.

The malware has been observed to carry out a number of malicious actions once activated. JavaScript ads and spam obtained from similarly compromised websites is delivered to affected websites, with the focus here being clearly on creating revenue from advertising via click fraud. And with 810 million WordPress websites at risk of being compromised, this could prove to be highly lucrative for the threat actors behind the attack.

How Can You Protect Your WordPress Site?

Attacks such as this demonstrate the importance of practicing good security habits when managing a website. With the risk of reputational and financial damage a very real risk here – especially if you rely on your website for revenue – it’s crucial that you follow our three top tips for protecting your WordPress site:

Only Use Trusted Plugins: Only download plugins and themes from the official WordPress plugin repository or from developers with a proven reputation for safety. Avoid installing plugins shared in forums, online marketplaces, or downloaded from websites that lack credibility.

Keep Everything Updated: Regularly update your WordPress core, themes, and plugins. Hackers will often exploit known vulnerabilities in outdated software, so make sure you don’t make their job easy. Set reminders or enable automatic updates where possible.

Use Strong Security Tools: Install a reliable WordPress security plugin that includes malware scanning, firewall protection, and brute force attack prevention such as Cloudflare, Wordfence, or SolidWP. Also, enable multi-factor authentication for all administrator accounts to reduce the risk of unauthorized access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

UK Retailer Halts Online Sales Following Cyberattack

cyberattack, Incident response plan, Marks and Spencer, Ophtek, Ransomware, software updates, Zero Trustcyberattack, Incident response plan, Marks and Spencer, Ophtek, ransomware, security, updates, vulnerability, Zero TrustOphtek, LLC

May 2025

A major UK retailer has had to suspend all online sales due to a cyberattack which has struck deep at the heart of its operations.

Founded in 1884, Marks and Spencer has served British shoppers for nearly 150 years. In 1999, they launched their online shopping service, and by 2024 they could count 9.4 million active customers on their online platforms. Clearly, their online operations are significant. But this also makes them a tempting target for threat actors looking for either financial gain or the opportunity to simply cause digital chaos.

For Marks and Spencer, this cyberattack has proved costly both in terms of revenue and reputation. And a similar fate could easily be awaiting your business.

How Cybercriminals Disrupted Marks and Spencer’s Operations

Following the Easter holiday weekend, Marks and Spencer was forced into announcing that they had suspended all online sales. Over the weekend, they revealed they had become aware of a major cyberattack affecting their services. Contactless payments in their stores had been failing and their online click-and-collect service had also been affected, with shoppers unable to log into the in-store system to verify their purchases. Several days later, the ability to make online purchases was still unavailable, with many of Marks and Spencer’s international online platforms also suspended.

The exact nature of the attack has not been disclosed yet, with the retailer simply explaining that there has been a cybersecurity incident and that they’re working with experts to resolve this. The official line is that customers do not need to worry about this attack, but with 9 million customers’ details at risk, there is clearly cause for concern. Rumors persist that Marks and Spencer has been the victim of a ransomware attack, but this is purely speculation. Nonetheless, independent security experts have advised customers to keep an eye on their bank statements.

Simple Steps to Shield Your Business from Cyber Threats

Around a quarter of Marks and Spencer’s sales come from their online shopping service, so this cyberattack represents a major blow to their revenue. Additionally, whatever this lapse in security is, it will stick in the minds of shoppers for a long time, potentially encouraging them to take their purchases elsewhere.

So, in an age where e-commerce is such an important aspect of business, it’s crucial that your business knows how to protect itself from similar attacks. To help you keep your defenses in shape, make sure you follow these best practices:

Operate a Zero-Trust Model: Always double check who’s trying to access your PCs and networks. Even if it appears to be a safe connection, it pays to verify it first. Use strong passwords, two-factor authentication, and make sure devices connecting to your network are secure.
Keep Your Software Updated: Vulnerabilities in old software are what hackers get up for in the morning. That’s why it’s vital that you always update your software as soon as updates are available. Updates fix holes in your security and ensure that attackers are unable to breach your defenses so easily.
Develop an Incident Response Plan: Designing a comprehensive incident response plan allows you to take swift, decisive action in the case of an emergency. For Marks and Spencer, this focused on shutting down their online sales, but this could even extend to shutting down all non-essential networks and restricting network access. The quicker you can implement these plans, the sooner you can limit your digital risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

5 Tech Upgrades Your Business Can’t Ignore in 2025

official upgrades, Ophtek, Repairs and Upgrades, system upgrades, upgrade hardware, upgrade softwarehardware upgrades, Official upgrades, Ophtek, repairs, software upgrades, system upgradesOphtek, LLC

May 2025

It’s time to upgrade your business tech to make sure you can remain competitive, improve your productivity and enhance your security in 2025.

Technology can seem complicated, even intimidating. But in 2025 it doesn’t have to be this way. Instead, you can give your business a serious boost by upgrading a few simple tools. Whether you’re managing a small business or running things on your own, Ophtek has five amazing tech upgrades which can maximize your productivity and keep you one step ahead of your competitors:

Upgrade to Solid State Drives: Traditional hard drives are slower and more prone to failure compared to modern solid-state drives (SSD). Therefore, if you’re still making do with old-style hard drives, 2025 is the time to start upgrading your PCs to SSDs. This upgrade will significantly reduce boot-up times and make your programs load in seconds instead of minutes. SSDs are also less power hungry and tend to be more durable, making them a perfect eco-friendly option.
Step Up to a Modern Router: Outdated routers are the quickest productivity killers in small offices. A modern router with Wi-Fi 6 or Wi-Fi 6E delivers faster internet speeds and improved stability, which is critical when multiple employees are connected at once. The increase in performance will also enhance video conferencing and large file uploads, ensuring remote collaboration runs smoothly. As well as all this, a new router opens your PCs up to stronger security options.
Upgrade Your Printers to Cloud Models: Old printers can be slow, clunky, and hard to connect to, so this is one area where you really need to upgrade. Cloud-connected printers allow staff to print from any device, including laptops and even smartphones, whether they’re based in the office or working remotely. These printers also benefit from improved security, simpler troubleshooting, and features like automatic supply reordering to ensure you never run out of toner.
Switch to Cloud-Based Collaborative Tools: Workplace collaboration tools like Microsoft 365, Google Workspace, and Asana have become essential in modern businesses. They allow your teams to work together on documents and projects in real time, with no need to waste time emailing attachments. Everything you need from calendars, files, and chat transcripts is saved in the cloud, ensuring that your files are always backed up and accessible from anywhere.
Use Password Managers: Trying to remember passwords is difficult at the best of times, and reusing the same one everywhere represents a major security risk. This is why you need to invest in a password manager which securely stores all your login details and can help you generate strong, unique passwords for all your accounts. Password managers to consider include Bitwarden, LastPass, and 1Password.

Final Thoughts

You don’t need to completely overhaul your entire IT infrastructure to make a big difference in 2025. Instead, by implementing a few smart upgrades, you can minimize frustration, improve security, and make your team more productive. Best of all, these changes are affordable and easy to put in place.

For more ways to secure and optimize your business technology, contact your local IT professionals.

CoffeeLoader Malware: Hiding in Your GPU

CoffeeLoader, malicious downloads, malware, Ophtek, PC Security, security practices, Suspicious links, UpdatesCofeeLoader, malware, Ophtek, security, updatesOphtek, LLC

May 2025

A new malware named CoffeeLoader exploits computer GPUs to escape security measures, posing a major threat to PC users.

Cybercriminals are constantly enhancing their tactics and looking for new strategies, and the latest threat is CoffeeLoader – a slice of malware which takes an innovative approach to hiding from security tools. Typically, malware runs on the central processing unit (CPU) of a PC, but CoffeeLoader throws a curveball by executing on the graphics processing unit (GPU). Most security software ignores GPU activity, so CoffeeLoader is able to operate silently in the background.

All malware is a nightmare, but malware which can only be described as ingenious is even worse. That’s why Ophtek’s going to give you a quick run through on what’s happened and how you can keep your PCs safe.

Brewing Trouble: The Tactics of CoffeeLoader

The exact mechanics of how CoffeeLoader infects a system has not, as of yet, been revealed. However, as with most malware, it’s likely that CoffeeLoader is used in conjunction with phishing emails and malicious websites. What is known about CoffeeLoader is its unique approach to protecting itself.

One of CoffeeLoader’s key tactics is to integrate ‘call stack spoofing’ into its attack. Security tools usually track how programs execute by monitoring their call stacks. But what, you may ask, is a call stack? Well, to keep it simple, we’ll describe it as a log of commands showing the program’s activity flow. However, this is where CoffeeLoader’s deceptive streak starts. By distorting its stack, it appears as though it’s running legitimate processes. This allows it to blend in with your usual system activity, avoiding detection with ease.

To strengthen its stealth credentials, CoffeeLoader also employs sleep obfuscation. This is a technique used by threat actors to evade detection by inserting artificial delays or sleep functions into its code. This allows the malware to appear inactive or dormant, a technique which enables it to escape detection by behavioral analysis tools.

Finally, CoffeeLoader exploits Windows fibers – these are lightweight execution threads commonly used by genuine, harmless applications. Manipulating these fibers allows the malware to switch execution paths mid-attack, which makes it more unpredictable and difficult for security programs to trace.

Combined, these three techniques underline the dangerous threat contained within CoffeeLoader. From running on a PC’s GPU and using multiple processes to conceal itself, CoffeeLoader can evade detection and exploit an infected system to its heart’s content.

How Can You Avoid Being Burnt by CoffeeLoader?

As cyber threats become more advanced through attacks such as CoffeeLoader, it’s crucial that PC users adopt these best practices to stay safe and protect their systems:

Keep Your Software Updated: one of the simplest ways to protect your IT infrastructure is by ensuring that your applications are kept up-to-date and secure. This can easily be achieved by always downloading the latest software patches and updates as soon as they’re available. Hackers thrive upon outdated software and the associated vulnerabilities, so it’s paramount that you prevent this.
Use Advanced Security Tools: Basic anti-malware software is fine for your average PC user, but businesses often need something a little more robust. Advanced security suites offer behavior-based detection that can analyze and recognize unusual activity.
Be Careful with Downloads and Links: The internet is full of dangers and hazards, so you should avoid downloading anything from untrusted websites or clicking on links in suspicious emails. The best way forwards with downloads and links is to only trust them if they’re from genuine, legitimate websites – this prevents you from downloading malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Monthly Archives: May 2025