Phishing Campaign Targets ManageWP Credentials via Google Ads

A phishing campaign is leveraging Google-sponsored search results to target credentials for ManageWP, GoDaddy's platform for managing multiple WordPress websites. Attackers are abusing Google Ads to display malicious ads that redirect users to fake login pages mimicking the legitimate ManageWP interface. The campaign aims to steal login credentials, potentially granting unauthorized access to WordPress site fleets managed through the platform. No specific dates, CVE IDs, or technical indicators (e.g., malware hashes, domains) were disclosed in the report. The impact includes potential account takeovers and unauthorized control over WordPress sites.