
Cybersecurity firm Sucuri, owned by GoDaddy, reported that a group of hackers has been luring unsuspecting users into installing malware on their devices by using fake DDoS-protection pages.

Hackers have started to insert phony DDoS-protection pages on sites created with WordPress. Those who visit these pages are greeted by a pop-up that appears to be Cloudflare’s DDoS-protection service. However, the pop-up will download a malicious ISO file to their PC if they click the message.

The attack targets websites that use DDoS-mitigation pages, which may appear when you attempt to visit certain websites to stop bots and other nasty web traffic from bombarding the website and disrupting its functionality.

The hackers display phony DDoS-protection sites by adding a piece of JavaScript code to the hacked WordPress websites. “With these types of browser checks being so common on the web, users wouldn’t think to question it before clicking ‘Allow’ and accessing the website,” said Sucuri security researcher Ben Martin. 

The bogus DDoS-protection sites will download a file called “security_install.iso” to the victim’s computer. The WordPress website will display an additional pop-up window asking the user to download the ISO file to receive a verification code.

“Many users do not realize that 13 security vendors have flagged this file, which functions as a remote access trojan,” Martin said. This indicates that the malware may provide access to a hacker who can take control of a victim’s computer remotely.

The ISO file contains malware called NetSupport RAT (remote access trojan), which has been used in ransomware attacks, according to antivirus provider Malwarebytes. The same malware can also install Raccoon Stealer, which is capable of obtaining user passwords and other sensitive information from a compromised PC.

This event should warn everyone to be cautious when their browser starts to download an unknown file, even if it seems to come from a trustworthy web security service. Martin added, “Malicious actors will compromise computers and push malware onto victims using any available avenue.”

The public is advised to install software from official websites and never click on links or download files from unknown or untrustworthy sources. If you think your computer may be infected with malware, run a scan with your antivirus program and contact a professional for help.
