Malicious hackers have been exploiting thousands of legitimate websites since at least December 2017 in a sophisticated campaign that has disguised malware as fake software updates. Security researchers at MalwareBytes report that they have uncovered evidence of thousands of compromised websites running popular content management systems (CMS) such as SquareSpace, WordPress and Joomla.