Cegeka_Logo Careers Language Solutions
Back
Solutions
Hybrid Cloud

Hybrid Cloud

Explore the added value of cloud adoption for your business.

 Data solution

Data & AI

Discover our different data solutions to help you become a data-driven company.

 RegulatoryCompliance_Visuals_Navigation (1)

Regulatory Compliance

Ensure GDPR & GxP compliance with our comprehensive solutions.

 Cyber Security & Networking Solution

Cyber Security & Networking

With cyber resilience, your organisation becomes a bit more secure with each day.

 Digital Workplace Solution

Digital Employee Xperience

Your Digital Employee Xperience. Our Mission.

 Testing_Visuals_IconNavigation (1)

Quality Engineering

Ensuring seamless software, one Test at a time.

 Cegeka Application Services

Cegeka Application Services

Building the applications to embed growth, innovation and agility.

 Business Applications

Business Applications

Transform your business with Microsoft Dynamics ERP and CRM, integrated with Microsoft’s Power Platform.

 5G_Citymesh

5G & Mobile Private Networks

Expertise and development experience to bring all the advantages of 5G.

 Products and platform solutions

Products & Platforms

Software solutions that optimize business processes and drive success.

 Services
Back
Services
Website_Navigation_IT_Team_Extension_3

IT Team Extension

The best IT professionals to support your projects.

 Outsourcing Services

Outsourcing & Managed Services

Outsourcing your IT helps you to focus on your strategy.

 Website_Navigation_Consultancy

Consultancy

The right skills and attitude to support the IT projects at your office

 Website_Navigation_Projects

Projects

Integrating the right digital solutions for your IT project

 Industries
Back
Industries

Our industry-tailored services are designed to address specific challenges and opportunities across different industries.

All industries government 1

Government and Public Sector

Digital transformation for smarter, citizen-focused public services.

 energy_utilities 1

Energy & Utilities

The arrival of smart electricity grids will allow companies to take care of their own energy management

 defense 1

Defense & Security

Mission-ready IT securing critical infrastructure and data sovereignty.

 food 1

Food

Streamline operations, ensure traceability and maintain compliance.

 finance 1

Finance & Insurance

Cloud-powered innovation for agile, secure financial services.

 manufacturing 1

Manufacturing

Production chains are becoming intelligent networks with real-time track-and-trace systems.

 Insights
Back
Knowledge is our backbone

We believe in sharing our insights and expertise with you. Explore our resources and learn more about our products, services and industry trends.

 Icons_Navigation_Case Studies

Case Studies

Step into the world of our delighted customers and see how we helped them achieve their goals.

 Icons_Navigation_News Items

Corporate News

Stay in the loop with our company news, announcements, awards and events.

 Icons_Navigation_Blogs

Blogs

Read our latest articles on topics ranging from technology, innovation, business and beyond.

 Icons_Navigation_Webinars

Webinars

Be part of the action with our live or on-demand webinars, where our experts share invaluable knowledge.

 Icons_Navigation_Ebooks

E-books & Whitepapers

Download our guides and reports on various aspects of technology and business.

 Icons_Navigation_Events

Events

Find out where we are going to be next, and register for our upcoming events.

 Cegeka Academy

Academy

Enhance your skills with our expert-led training courses, tutorials, and certifications at our Academy.

Join our Academy About us Back
shaping digital together

We work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.

Start the journey with us Icons_Navigation_Why Cegeka

Why Cegeka

Discover why more than 2,500 clients around the world choose to work with us, and stay with us.

Icons_Navigation_Cegeka&Society

ESG at Cegeka

We turn ESG ambition into action via sustainable IT, carbon footprint reduction and an inclusive work environment.

 Icons_Navigation_Our Story

The Cegeka Story

In just over 30 years, Cegeka has grown from 30 people to a global company with 9,000 employees across 3 continents.

 Icons_Navigation_Annual Report

Annual Report

See how our work makes a difference, explore the full annual report to learn more.

More Cegeka

Our Management

Corporate News

Contact & Locations

 Back
Select language

Austria

Belgium

Belgium

Denmark

Germany

Italy

Romania

Sweden

The Netherlands

United Kingdom

United States

 Let’s get in touch Cegeka_Logo Solutions
Solutions
Hybrid Cloud

Hybrid Cloud

Explore the added value of cloud adoption for your business.

 Data solution

Data & AI

Discover our different data solutions to help you become a data-driven company.

 RegulatoryCompliance_Visuals_Navigation (1)

Regulatory Compliance

Ensure GDPR & GxP compliance with our comprehensive solutions.

 Cyber Security & Networking Solution

Cyber Security & Networking

With cyber resilience, your organisation becomes a bit more secure with each day.

 Digital Workplace Solution

Digital Employee Xperience

Your Digital Employee Xperience. Our Mission.

 Testing_Visuals_IconNavigation (1)

Quality Engineering

Ensuring seamless software, one Test at a time.

 Cegeka Application Services

Cegeka Application Services

Building the applications to embed growth, innovation and agility.

 Business Applications

Business Applications

Transform your business with Microsoft Dynamics ERP and CRM, integrated with Microsoft’s Power Platform.

 5G_Citymesh

5G & Mobile Private Networks

Expertise and development experience to bring all the advantages of 5G.

 Products and platform solutions

Products & Platforms

Software solutions that optimize business processes and drive success.

 Services
Services
Website_Navigation_IT_Team_Extension_3

IT Team Extension

The best IT professionals to support your projects.

 Outsourcing Services

Outsourcing & Managed Services

Outsourcing your IT helps you to focus on your strategy.

 Website_Navigation_Consultancy

Consultancy

The right skills and attitude to support the IT projects at your office

 Website_Navigation_Projects

Projects

Integrating the right digital solutions for your IT project

 Industries
Industries

Our industry-tailored services are designed to address specific challenges and opportunities across different industries.

All industries government 1

Government and Public Sector

Digital transformation for smarter, citizen-focused public services.

 energy_utilities 1

Energy & Utilities

The arrival of smart electricity grids will allow companies to take care of their own energy management

 defense 1

Defense & Security

Mission-ready IT securing critical infrastructure and data sovereignty.

 food 1

Food

Streamline operations, ensure traceability and maintain compliance.

 finance 1

Finance & Insurance

Cloud-powered innovation for agile, secure financial services.

 manufacturing 1

Manufacturing

Production chains are becoming intelligent networks with real-time track-and-trace systems.

 Insights
Knowledge is our backbone

We believe in sharing our insights and expertise with you. Explore our resources and learn more about our products, services and industry trends.

 Icons_Navigation_Case Studies

Case Studies

Step into the world of our delighted customers and see how we helped them achieve their goals.

 Icons_Navigation_News Items

Corporate News

Stay in the loop with our company news, announcements, awards and events.

 Icons_Navigation_Blogs

Blogs

Read our latest articles on topics ranging from technology, innovation, business and beyond.

 Icons_Navigation_Webinars

Webinars

Be part of the action with our live or on-demand webinars, where our experts share invaluable knowledge.

 Icons_Navigation_Ebooks

E-books & Whitepapers

Download our guides and reports on various aspects of technology and business.

 Icons_Navigation_Events

Events

Find out where we are going to be next, and register for our upcoming events.

 Cegeka Academy

Academy

Enhance your skills with our expert-led training courses, tutorials, and certifications at our Academy.

Join our Academy About us
shaping digital together

We work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.

Start the journey with us Icons_Navigation_Why Cegeka

Why Cegeka

Discover why more than 2,500 clients around the world choose to work with us, and stay with us.

Icons_Navigation_Cegeka&Society

ESG at Cegeka

We turn ESG ambition into action via sustainable IT, carbon footprint reduction and an inclusive work environment.

 Icons_Navigation_Our Story

The Cegeka Story

In just over 30 years, Cegeka has grown from 30 people to a global company with 9,000 employees across 3 continents.

 Icons_Navigation_Annual Report

Annual Report

See how our work makes a difference, explore the full annual report to learn more.

More Cegeka

Our Management

Corporate News

Contact & Locations

 Austria   Austria DE Belgium   Belgium NL Belgium   Belgium FR Denmark   Denmark EN Germany   Germany DE Italy   Italy IT Romania   Romania EN Sweden   Sweden EN The Netherlands   The Netherlands NL United Kingdom   United Kingdom EN United States   United States EN Careers Let’s get in touch
Home Discover our latest blogs Discover our latest blogs Widespread ClickFix Campaign via Compromised WordPress Sites Delivers Windows and macOS Information Stealers
Cyber security & Networking
2 minutes reading

Widespread ClickFix Campaign via Compromised WordPress Sites Delivers Windows and macOS Information Stealers

The CSIRT (Computer Security Incident Response Team) of Cegeka Modern SOC recently observed a campaign that leverages compromised WordPress websites to deliver OS-specific malware to both macOS and Windows users.

Cristina Aldea

Cristina Aldea

May 06, 2026

Legitimate WordPress websites are being abused to host malicious iframes or injected scripts that profile visitors based on the User-Agent to deliver OS-specific malware.

Analysis of multiple compromised WordPress websites indicates that:

  • macOS users are targeted with Amnesia Stealer
  • Windows users are compromised via a multi-stage HijackLoader using BNB Smart Chain based C2 to deploy a .NET information stealer.

Summary (overview)

Threat Analysis

Compromised WordPress websites are leveraged as an initial access vector, to lure visitors to attacker-controlled domains using the “ClickFix” social engineering technique.

Cegeka CSIRT discovered that the compromised websites are used to host malicious payloads that leverage content from the malicious domain testio[.]ecartdev[.]com. The attacker-controlled domain hosts a malicious script that profiles visitors based on the User-Agent and delivers a tailored ClickFix prompt that downloads Amnesia Stealer for macOS users and HijackLoader for Windows users.

The macOS ClickFix prompt initiates the Amnesia Stealer infection chain by downloading a malicious archive macos-hybrid-stealer.zip from the domain shlyapadulina[.]space. The archive contains the primary stealer components responsible for collecting and staging sensitive information such as browser credentials, files, notes and system data within a temporary directory, which is subsequently exfiltrated to an external IP address via HTTP POST requests.

Amnesia Stealer

The Windows ClickFix prompt initiates the HijackLoader infection chain by downloading and installing a malicious MSI file. The malware abuses legitimate signed applications through search order hijacking and in-memory .NET assembly execution. The execution chain results in a malicious .NET assembly being loaded and executed within the context of a digitally signed process ‘RadiantC64.exe’. During execution, the malware establishes outbound communications with BNB Smart Chain endpoints via Ethereum JSON-RPC requests, as well as with a malicious external IP address.

The diagram below shows a high-level overview of the infection chain involving the deployment of HijackLoader, while a comprehensive analysis is provided in the threat analysis report linked within this article.

HijackLoader-BMP

Recommendations

Cegeka CSIRT encourages organizations to:

  • Block the indicators of compromise (IOCs) through applicable security controls including firewalls, NIDS/NIPS, HIDS/HIPS, EDR/XDR, etc…
  • Conduct threat hunting across their environments to identify any activity associated with the IOCs provided in the Threat Analysis report.
  • Raise user awareness regarding ClickFix social engineering techniques, emphasizing the risks of executing commands prompted by untrusted websites.
  • Regularly update WordPress core, themes and plugins to reduce the risk of compromise.
  • Establish an internal Security Operation Center (SOC) / Cybersecurity Incident Response Team (CSIRT) or partner with a Managed Security Services Provider to ensure continuous threat detection and prompt incident response.

Threat Analysis Report

Please find the full Cegeka CSIRT threat analysis report which includes the observed indicators of compromise here:

ClickFix via Compromised WordPress banner HubSpot CTA 1920x540px

Cegeka Modern SOC

Our Cegeka Modern SOC, staffed with experienced security professionals, is able to detect these types of attacks and adequately respond to them in a timely manner, minimizing or even fully preventing impact on your organization.
Cristina Aldea

Cristina Aldea

More of Cristina Aldea articles

Get in touch