All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Supply-chain attack on OptinMonster and related WordPress plugins compromises 1.2 million sites

By

Sansec Forensics Team

24d ago· 5 min readenNews

Summary

Sansec discovered an active supply-chain attack affecting over 1.2 million sites using OptinMonster, TrustPulse, and PushEngage WordPress plugins, all operated by Awesome Motive. Attackers injected malicious JavaScript into legitimate plugin files, which waits for a logged-in administrator to create a backdoor admin account and install a hidden backdoor plugin. The stolen credentials are sent to a lookalike domain (tidio.cc mimicking tidio.com). The campaign was ongoing as of June 13, 2026.

Source

bskySupply-chain attack on OptinMonster and related WordPress plugins compromises 1.2 million sitessansec.io

Key quotes

· 5 pulled
Sansec discovered an active supply-chain attack hitting over 1.2 million sites that use the popular OptinMonster, TrustPulse and PushEngage Wordpress plugins, all operated by Wordpress giant Awesome Motive.
Attackers added malicious JavaScript to the legitimate files served by Awesome Motive, which are embedded in their customer's sites.
The malware waits for a logged-in administrator, creates a backdoor admin account, and installs a self-hiding backdoor plugin.
It then sends the new credentials to tidio.cc, a lookalike of the real tidio.com.
The campaign is ongoing as of 13 June 2026.
Snippet from the RSS feed
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.