A supply-chain attack against Awesome Motive’s CDN compromised WordPress plugins OptinMonster, TrustPulse, and PushEngage, briefly serving malicious JavaScript to users. Attackers used a stolen CDN API key to inject code that could create rogue administrator accounts, install hidden backdoors, and give full remote access to infected sites.
Key points
- OptinMonster, TrustPulse, and PushEngage were compromised through Awesome Motive’s CDN.
- Sansec found malicious scripts served to users during a brief window on June 12 and into Saturday.
- The injected malware activated when a WordPress administrator visited an infected page.
- Attackers could steal authentication tokens, create rogue admin accounts, and install a hidden backdoor plugin.
- Awesome Motive says the breach started after attackers exploited a known UpdraftPlus flaw and stole CDN credentials.