Sucuri, a cybersecurity company owned by GoDaddy, claims that a group of hackers has been tricking customers into installing malware by creating phony DDoS protection pages.
WordPress-powered websites are being taken over by hackers to show phony DDoS protection pages. Visitors to these websites notice a pop-up posing as a Cloudflare DDoS protection service. However, the pop-up will download a malicious ISO file to their PC after they click the prompt.
The attack takes advantage of the way DDoS-protection pages occasionally appear on websites you try to visit. These pages exist to prevent bots and other unwanted web traffic from barraging the website and bringing the service to a halt. Visitors must complete a CAPTCHA test to demonstrate that they are human.
A file called security install.iso will be downloaded to the victim’s PC via the phony DDoS protection pages. The user is then prompted by another pop-up window from the WordPress website to install the ISO file in order to receive a verification code.
The ISO file is actually malware known as NetSupport RAT (remote access trojan), which has been used in ransomware attacks, according to antivirus vendor Malwarebytes. The same malware can also install Raccoon Stealer, a malicious program that may steal passwords and other user credentials from a compromised PC.
The incident serves as a warning to be wary if your PC’s browser downloads an enigmatic file, even from what appears to be a reliable web security provider. Martin noted that malicious actors will use all means at their disposal to infiltrate computers and infect unknowing users with malware.