Cyber threat infographic: WordPress site icon with blockchain links spreading malware icons (Atomic, Lumma); red arrows showing payload delivery, protective shields for updates and antivirus, with "Secure Your Sites" warning banner over a digital network.

UNC5142 is exploiting compromised WordPress sites with EtherHiding on BNB Smart Chain to deliver stealers like Atomic, Lumma, Rhadamanthys, and Vidar, targeting Windows and macOS. The campaign deploys CLEARSHORT, a ClearFake variant, via JavaScript that fetches payloads from smart contracts, using social engineering like ClickFix to evade detection and infect users.

Cyber threat infographic: WordPress site icon with blockchain links spreading malware icons (Atomic, Lumma); red arrows showing payload delivery, protective shields for updates and antivirus, with "Secure Your Sites" warning banner over a digital network.Cyber threat infographic: WordPress site icon with blockchain links spreading malware icons (Atomic, Lumma); red arrows showing payload delivery, protective shields for updates and antivirus, with "Secure Your Sites" warning banner over a digital network.

Attacks involve fetching encrypted payloads, with contracts enabling quick updates for resilience—Google flagged 14,000 pages but saw no activity post-July 23, 2025. This highlights blockchain's role in stealthy malware distribution, blending with legitimate Web3 activity.

Cyber threat infographic: WordPress site icon with blockchain links spreading malware icons (Atomic, Lumma); red arrows showing payload delivery, protective shields for updates and antivirus, with "Secure Your Sites" warning banner over a digital network.Cyber threat infographic: WordPress site icon with blockchain links spreading malware icons (Atomic, Lumma); red arrows showing payload delivery, protective shields for updates and antivirus, with "Secure Your Sites" warning banner over a digital network.

Defend by updating WordPress, avoiding unverified sites, enabling antivirus with behavioral detection, and using multi-factor authentication. Organizations should monitor blockchain interactions and patch vulnerabilities to stop these advanced threats.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security