
Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service

April 12, 2022

A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns.

“The TDS has infected many web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites,” Avast researchers Pavel Novák and Jan Rubín said in a report published last week.

Traffic direction systems are used by threat actors to determine whether or not a target is of interest and should be redirected to a malicious domain under their control, which then acts as a gateway to compromise the target's systems with malware.


Earlier this January, the BlackBerry Research and Intelligence Team detailed another TDS called Prometheus that has been put to use in different campaigns mounted by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish malware.

What makes Parrot TDS stand out is its huge reach, with increased activity observed in February and March 2022, as its operators have primarily singled out servers hosting poorly secured WordPress sites to gain administrator access.

Most of the users targeted by these malicious redirects are located in Brazil, India, the U.S., Singapore, Indonesia, Argentina, France, Mexico, Pakistan, and Russia.

“The infected sites’ appearances are altered by a campaign called FakeUpdate (also known as SocGholish), which uses JavaScript to display fake notices for users to update their browser, offering an update file for download,” the researchers said. “The file observed being delivered to victims is a remote access tool.”


Parrot TDS, via an injected PHP script hosted on the compromised server, is designed to extract client information and forward the request to the command-and-control (C2) server when a user visits one of the infected sites, in addition to allowing the attacker to perform arbitrary code execution on the server.

The response from the C2 server takes the form of JavaScript code that is executed on the client machine, exposing the victims to potential new threats. Also observed alongside the malicious backdoor PHP script is a web shell that grants the adversary persistent remote access to the web server.

Calling the criminal actors behind the FakeUpdate campaign a common customer of Parrot TDS, Avast said the attacks involved prompting users to download malware under the guise of rogue browser updates, a remote access trojan named “ctfmon.exe” that gives the attacker full access to the host.



Some parts of this article are sourced from:
thehackernews.com
