WordPress Sites Hacked With Fake Cloudflare DDoS Alerts Loaded With Malware

Hackers are using a familiar Distributed Denial of Service (DDoS) protection page to trick people into downloading malware, researchers say.

According to cybersecurity firm Sucuri, an unknown threat actor modified poorly protected WordPress sites and added a fake Cloudflare DDoS protection landing page.

A DDoS attack works by sending large amounts of internet traffic to a website, overwhelming it and preventing real users from accessing it. But DDoS protection pages usually don't require users to download anything.

DDOS GUARD

The landing page discovered by the researchers instructs the visitor to download an application called "DDOS GUARD", which will supposedly provide them with a code to enter the site.

However, the app would actually download NetSupport RAT, which was once a legitimate troubleshooting and technical support program, but was later hijacked by cybercriminals and turned into a remote access Trojan.

In addition, the RAT also downloads information-stealing malware called Raccoon Stealer. This malware steals passwords and cookies, as well as all payment data stored in the browser, including cryptocurrency wallet credentials. It can also steal other types of data and take screenshots.

As a result, visitors would give cybercriminals full access to their computer and a great deal of sensitive data.

To defend against the campaign, says BleepingComputer, IT teams should check the theme files of their WordPress sites, as this is the most common point of infection. Internet users, on the other hand, should enable strict script blocking in their browser, even if it means losing most of the website's functionality.
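One way to carry out the theme-file check, as an added example that is not from Sucuri, BleepingComputer or the original article: compare the deployed theme directory against a clean copy of the same theme version and list the files that were modified, added or removed. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions that can carry page markup or script, reviewed first.
SCRIPT_EXTS = {".php", ".js", ".html", ".htm"}

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def diff_theme(clean_dir, deployed_dir):
    """Compare a deployed theme against a clean copy of the same version."""
    clean, live = hash_tree(clean_dir), hash_tree(deployed_dir)
    report = {
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }
    # Changed or new script-bearing files are the ones to read by hand first.
    report["review_first"] = sorted(
        p for p in report["modified"] + report["added"]
        if Path(p).suffix.lower() in SCRIPT_EXTS
    )
    return report

def demo():
    """Constructed sample: a clean theme and a deployed copy that differs."""
    files = {"style.css": b"body{}", "header.php": b"<?php wp_head(); ?>",
             "js/nav.js": b"console.log('nav');"}
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (Path(clean), Path(live)):
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        (Path(live) / "header.php").write_bytes(b"<?php wp_head(); ?><!-- changed -->")
        (Path(live) / "js/extra.js").write_bytes(b"// unexpected file")
        (Path(live) / "style.css").unlink()
        return diff_theme(clean, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real site, `clean_dir` would be a fresh download of the theme at the installed version and `deployed_dir` the matching folder under `wp-content/themes`; intentional customisations will also show up as modified and need to be told apart by reading the diff.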

Via BleepingComputer