Cybersecurity analysts are cautioning about an extensive phishing scheme aimed at WooCommerce users, featuring a counterfeit security notification that encourages them to install a “crucial update” while actually introducing a backdoor.

The WordPress security firm Patchstack characterized this operation as advanced and a variation of a previously noted campaign from December 2023 that used a counterfeit CVE tactic to infiltrate sites running.