Hackers Use Google Ads to Phish ManageWP Logins via AitM
🔒 A phishing campaign abused Google sponsored search results to deliver a live adversary-in-the-middle (AitM) proxy that mimics ManageWP's sign-in page, placing the fake result above the legitimate one for the "managewp" query. Any credentials entered are exfiltrated to a Telegram channel and used in real time to bypass 2FA. Guardio Labs infiltrated the attackers' C2, observed an operator-driven phishing framework, and confirmed around 200 unique victims.
