Sophisticated Phishing Campaign Targets WooCommerce Users with Fake Security Alert

A sophisticated phishing campaign is targeting WooCommerce users with a fake security alert that prompts them to download a "critical patch," which actually installs a backdoor. The WordPress security company Patchstack described this activity as a variant of another campaign observed in December 2023, which used a fake CVE reference to compromise sites. This phishing campaign aims to deploy backdoors on the sites of WooCommerce users.