Home Security Hackers Utilizing Faux DDoS Safety Pages to Distribute Malware

Hackers Utilizing Faux DDoS Safety Pages to Distribute Malware

by crpt os


WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer.

“A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware,” Sucuri’s Ben Martin said in a write-up published last week.

Distributed denial-of-service (DDoS) protection pages are essential browser verification checks designed to deter bot-driven unwanted and malicious traffic from eating up bandwidth and taking down websites.

The new attack vector involves hijacking WordPress sites to display fake DDoS protection pop-ups that, when clicked, ultimately lead to the download of a malicious ISO file (“security_install.iso”) to the victim’s systems.

CyberSecurity

This is achieved by injecting three lines of code into a JavaScript file (“jquery.min.js”), or alternatively into the active theme file of the website, which, in turn, loads heavily obfuscated JavaScript from a remote server.

“This JavaScript then communicates with a second malicious domain which loads more JavaScript that initiates the download prompt for the malicious .iso file,” Martin explained.

Following the download, users are prompted to enter a verification code generated from the so-called “DDoS Guard” application so as to entice the victim into opening the weaponized installer file and accessing the destination website.

While the installer does display a verification code to maintain the ruse, in reality, the file is a remote access trojan called NetSupport RAT, which is linked to the FakeUpdates (aka SocGholish) malware family and also covertly installs Raccoon Stealer, a credential-stealing trojan available for rent on underground forums.

The development is a sign that attackers are opportunistically co-opting these familiar security mechanisms in their own campaigns in a bid to trick unsuspecting website visitors into installing malware.

DDoS Attack

To mitigate such threats, website owners are required to place their sites behind a firewall, employ file integrity checks, and enforce two-factor authentication (2FA). Website visitors are also urged to turn on 2FA, avoid opening suspicious files, and use a script blocker in web browsers to prevent the execution of JavaScript.

CyberSecurity

“The infected computer could be used to pilfer social media or banking credentials, detonate ransomware, or even entrap the victim into a nefarious ‘slave’ network, extort the computer owner, and violate their privacy — all depending on what the attackers decide to do with the compromised device,” Martin said.

This isn’t the first time ISO-themed files and CAPTCHA checks have been used to deliver the NetSupport RAT.

In April 2022, eSentire disclosed an attack chain that leveraged a fake Chrome installer to deploy the trojan, which then paved the way for the execution of Mars Stealer. Likewise, an IRS-themed phishing campaign detailed by Cofense and Walmart Global Tech involved utilizing fake CAPTCHA puzzles on websites to deliver the same malware.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex