Sunday, September 25

Fake WordPress DDoS Pages Launched to Deliver Malware | Digital Trends Spanish

Hackers are distributing dangerous malware through WordPress websites by means of fake Cloudflare distributed denial-of-service (DDoS) protection pages, according to a new report.

As reported by PCMag and Bleeping Computer, WordPress-based websites are being hacked by threat actors, with NetSupport RAT and a password-stealing Trojan (Raccoon Stealer) being installed if victims fall for the trick.

The cybersecurity firm Sucuri detailed how hackers are breaching WordPress sites that lack a strong security foundation in order to deploy JavaScript payloads, which in turn display fake Cloudflare DDoS protection alerts.

When someone visits one of these compromised sites, the page prompts them to click a button to confirm the DDoS protection check. That action triggers the download of a “security_install.iso” file to the system.

From there, the instructions ask the victim to open the infected file, which is disguised as a program called DDOS GUARD, and to enter a code.

Another file, security_install.exe, is also present: a Windows shortcut that runs a PowerShell command via the debug.txt file. Once the file is opened, NetSupport RAT, a popular remote access Trojan, loads onto the system. Scripts that run once access to the PC has been gained also install and launch the Raccoon Stealer password-stealing Trojan.

Originally shut down in March 2022, Raccoon Stealer returned in June with a series of updates. Once successfully opened on a victim’s system, Raccoon 2.0 searches for passwords, cookies, autofill data, and credit card details stored in web browsers. It can also steal files and take desktop screenshots.

As Bleeping Computer highlights, DDoS protection screens are starting to become the norm. Their purpose is to protect websites from malicious bots that seek to disable their servers by flooding them with traffic. However, it seems that hackers have now found a way to use such screens as a disguise to spread malware.

With this in mind, Sucuri advises WordPress administrators to review their theme files, which is where threat actors are concentrating their efforts. The security firm also emphasizes that ISO files are never part of a DDoS protection screen, so make sure you don’t download anything of the sort.
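One way to act on that advice, as an added example that is not from Sucuri or the original article: compare the live theme directory against a known-good copy of the same theme version and list every file that was modified, added or removed. The directory names and file contents in `demo()` are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(theme_dir):
    """Map each file's path (relative to the theme root) to its SHA-256."""
    root = Path(theme_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_theme(installed_dir, pristine_dir):
    """Report files that differ between the live theme and a known-good copy."""
    live, good = snapshot(installed_dir), snapshot(pristine_dir)
    return {
        "modified": sorted(f for f in live if f in good and live[f] != good[f]),
        "added": sorted(f for f in live if f not in good),
        "missing": sorted(f for f in good if f not in live),
    }


def demo():
    """Build two small constructed theme trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "pristine"), Path(tmp, "installed")
        files = {
            "functions.php": "<?php // theme setup\n",
            "footer.php": "<?php wp_footer(); ?>\n",
            "style.css": "/* Theme Name: Example */\n",
        }
        for root in (good, live):
            for name, body in files.items():
                path = root / name
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        # Constructed tampering: one edited template, one unexpected script,
        # one deleted file.
        (live / "footer.php").write_text(files["footer.php"] + "<!-- constructed change -->\n")
        (live / "assets").mkdir()
        (live / "assets" / "extra.js").write_text("// constructed unexpected file\n")
        (live / "style.css").unlink()
        return compare_theme(live, good)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

On a real site, point `compare_theme()` at the installed theme folder and at a freshly downloaded copy of the same theme version; any entry under "modified" or "added" is a file to inspect by hand.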

Hacking, malware, and ransomware activity has become increasingly common throughout 2022. For example, a hacking-as-a-service scheme offers the ability to steal user data for just $10. As always, be sure to strengthen your passwords and enable two-factor authentication across all your devices and accounts.
