ScanSafe said in a statement that its researchers discovered the infection on Saturday, the same day McCartney reunited on stage with Ringo Starr for the first time in years. The toolkit was hidden behind an invisible frame on the site. When users visited, their machines were hit with an exploit that downloaded a rootkit.
Once the rootkit is installed "behind the scenes" on the victim's computer, thieves could steal personal information, such as credit card details and login credentials, according to ScanSafe.
"Once your computer is infected with a rootkit, none of your personal information is safe," said Spencer Parker, director of product management for ScanSafe, in a statement. "This is an extremely attractive target for cybercriminals given the level of attention McCartney is receiving at this moment.
McCartney's site quickly was fixed, according to ScanSafe. It is unclear how many users were compromised.
A representative for the musician could not be reached for comment on Tuesday.
According to Websense's most recent "State of Internet Security Report," 77 percent of websites containing malicious code are legitimate sites that were exploited by cybercrooks.