The latest campaign detected by Sucuri has been found to leverage compression techniques using a software library called zlib to conceal the malware, reduce its footprint, and avoid detection.

"Bad actors are continually evolving their tactics, techniques, and procedures to evade detection and prolong the life of their malware campaigns," Sucuri researcher Denis Sinegubko said.

"SocGholish malware is a prime example of this, as attackers have altered their approach in the past to inject malicious scripts into compromised WordPress websites."

It's not just SocGholish. Malwarebytes, in a technical report this week, detailed a malvertising campaign that serves visitors to adult websites with popunder ads that simulate a fake Windows update to drop the "in2al5d p3in4er" (aka Invalid Printer) loader.

"The scheme is very well designed as it relies on the web browser to display a full screen animation that very much resembles what you'd expect from Microsoft," Jérôme Segura, director of threat intelligence at Malwarebytes, said.

The loader, which was documented by Morphisec last month, is designed to check the system's graphics card to determine if it's running on a virtual machine or in a sandbox environment, and ultimately launch the Aurora information stealer malware.

The campaign, per Malwarebytes, has claimed 585 victims over the past two months, with the threat actor also linked to other tech support scams and an Amadey bot command-and-control panel.

Essential Addons for Elementor Plugin Flaw Actively Exploited

Wordfence, in its own advisory, said the critical vulnerability in the Essential Addons for Elementor plugin is being actively exploited in the wild, and that it blocked 200 attacks targeting the flaw in the past 24 hours, making it imperative that users move quickly to update to the latest version.