Skip to main content

Hackers Using Fake DDoS Protection Pages to Distribute Malware.

By Editor

 

WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer.

"A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week.

Distributed denial-of-service (DDoS) protection pages are essential browser verification checks designed to deter bot-driven unwanted and malicious traffic from eating up bandwidth and taking down websites.

The new attack vector involves hijacking WordPress sites to display fake DDoS protection pop-ups that, when clicked, ultimately lead to the download of a malicious ISO file ("security_install.iso") to the victim's systems.

This is achieved by injecting three lines of code into a JavaScript file ("jquery.min.js"), or alternatively into the active theme file of the website, which, in turn, loads heavily obfuscated JavaScript from a remote server.

"This JavaScript then communicates with a second malicious domain which loads more JavaScript that initiates the download prompt for the malicious .iso file," Martin explained.

Following the download, users are prompted to enter a verification code generated from the so-called "DDoS Guard" application so as to entice the victim into opening the weaponized installer file and access the destination website.

While the installer does display a verification code to maintain the ruse, in reality, the file is a remote access trojan called NetSupport RAT, which is linked to the FajeUpdates (aka SocGholish) malware family and also covertly installs Raccoon Stealer, a credential-stealing trojan available for rent on underground forums.

The development is a sign that threat actors are opportunistically co-opting these familiar security mechanisms in their own campaigns in a bid to trick unsuspecting website visitors into installing malware.

DDoS Attack

To mitigate such threats, website owners are required to place their sites behind a firewall, employ file integrity checks, and enforce two-factor authentication (2FA). Website visitors are also urged to turn on 2FA, avoid opening suspicious files, and use a script blocker in web browsers to prevent the execution of JavaScript.

"The infected computer could be used to pilfer social media or banking credentials, detonate ransomware, or even entrap the victim into a nefarious 'slave' network, extort the computer owner, and violate their privacy — all depending on what the attackers decide to do with the compromised device," Martin said.

This isn't the first time ISO-themed files and CAPTCHA checks have been used to deliver the NetSupport RAT.

In April 2022, eSentire disclosed an attack chain that leveraged a fake Chrome installer to deploy the trojan, which then paved the way for the execution of Mars Stealer.

Likewise, an IRS-themed phishing campaign detailed by Cofense and Walmart Global Tech involved utilizing fake CAPTCHA puzzles on websites to deliver the same malware.


#THN


#osutayusuf

Comments

Post a Comment

Popular posts from this blog

UGANDA ELECTORAL COMMISSION TO ELIMINATE NATIONAL IDENTIFICATION CARDS (IDs) FOR 2021 GENERAL ELECTIONS.

By Editor
The elimination of using National IDs (Ndagamuntu) for the 2021 elections should not have come as a surprise. One would be very NAIVE to think that Bobi Wine has not prepared for this in his Business Plan under the RISK section. It is public knowledge that our EC is not independent.  It is also public knowledge that Military Dictator Yoweri Museveni will never lose an election. What stunned us this morning is when we noticed that on social media, people were mocking Bobi with his "get your Ndagamuntu".  We are on record for saying to all Our readers that the National ID is like Apartheid in South Africa. Students of History would know how those IDs were being used to arrest people, deny them jobs, deny them basic services. Consequently, Bobi was not wrong and will never be wrong on the Ndagamuntu. Except the ones attacking him and mocking him forget that in Uganda, now, no National ID (Ndagamuntu), no service.  If you have not been denied registering your child i...
Post a Comment
Read more

Here is Why Our Utterances For Praying Jesus And God To Come Liberate Ugandans, May Be Misplaced. This Phrase is like inform of a Letter To Some Categorized Section Of Ugandans.

By Editor
https://m.facebook.com/yusufosuta/photos/a.1896701010557789/2070383359856219/?type=3 OPEN LETTER TO NRM SUPPORTERS - NATIONAL ROBBERS MOVEMENT. .................................................................................. Last week of March, a friend told me to pray for Uganda.  I told him that he was an Idiot and we have prayed for too long and we are still hungry and sick and Jesus is not coming soon to liberate us. He then ignored the STUPID and sent me a picture we all now know.  It got me totally messed up.  This guy was telling me to pray then sends a picture of men bowing down in blood.  He might have meant guns but I blocked him because his utterances of praying for Uganda were misplaced. I unblocked him 3 weeks later and asked him about praying and assassinations.  His reply "eithrr prayers or guns or both". I hate violence with a passion.  So he is now blocked in like FOREVER. Do you feel safe?  Do not feel safe. Uganda regim...
Post a Comment
Read more

CAN I CHANGE MY MIND ABOUT THE INHERITANCE I RECEIVED AND ASK FOR SOMETHING ELSE ?.

By Editor
#iip_updates . #Information_is_Power . Read more here https://informationispowah.blogspot.com/2023/07/can-i-change-my-mind-about-inheritance.html in the link. #we_inform_the_uninformed . Okello lost his wife 20 years ago and decided to only focus on their Mateo, Yona and Yosefu. 20 years later, Okello had 7 acres of land, a successful poultry business, and sinotrucks for hire. Early this year, Okello got a call telling him that one of his trucks knocked a boda boda. Okello decided to rush to see if he could sort it out before police became involved. Unfortunately, he never made it, as he was entering the main road, another trailer rammed into him and killed him instantly.   After Okello had been laid to rest, his sons sat down and divided the property amongst themselves. However, of late, Yosefu the last born has started complaining that he was cheated, and he wants to be given something else because most of the chicken in the chicken business died of a fever.   Can ...
Post a Comment
Read more