Cyberattackers used a fake security advisory to target cPanel and WebHost Manager (WHM) users. This phishing campaign that used the subject line “cPanel Urgent Update Request” in users’ emails had appeared online.
Changing password is recommended
There was not an official statement from cPanel. In the fake security advisory, the attackers explained the reason saying:
“The cPanel Security Team identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time. Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues.”
In addition to this, the attackers registered the domain ‘cpanel7831.com’ and used Amazon’s Simple Email Service (SES) to send out the emails to cPanel and WHM users to be seen more legitimate. If a user clicked on the “Update your cPanel & WHM installations” button, they were bought to a website that prompted them to login using their cPanel credentials.
The phishing landing page now redirects to a Google search for the keyword cPanel. The recommended action to avoid this scam is to log into the web hosting provider and change the password.