Sucuri, a cybersecurity company owned by GoDaddy, claims that a group of hackers has been tricking customers into installing malware by creating phony DDoS protection pages.

WordPress-powered websites are being taken over by hackers to show phony DDoS protection pages. Visitors to these websites notice a pop-up posing as a Cloudflare DDoS protection service. However, the pop-up will download a malicious ISO file to their PC after they click the prompt.

In an effort to prevent bots and other unwanted web traffic from barrage the website and bring the service to a halt, the attack takes advantage of the way DDoS -protection pages will occasionally show on websites you try to visit. Visitors must complete a CAPTCHA test to demonstrate that they are human.

” alt=”Bogus DDoS Protection Page”>

(Credit: Sucuri) By inserting a line of JavaScript code into the hacked WordPress sites, the hackers in this scenario are able to serve up the bogus DDoS protection pages. According to a blog post by Sucuri security researcher Ben Martin wrote (Opens in a new window) , since these kinds of browser checks are so prevalent online, many people wouldn’t hesitate before clicking this prompt to access the page they’re trying to visit.

A file called security install.iso will be downloaded to the victim’s PC via the phony DDoS protection pages. The user is then prompted by another pop-up window from the WordPress website to install the ISO file in order to receive a verification code.

13 security vendors (Opens in a new window) as of the time this article was written, according to Martin. This indicates that a hacker may use the malware to remotely control a victim’s machine.


The Top Malware Removal and Security Programs”
” alt=””>

The ISO file is actually malware known as Netsupport RAT (remote access trojan), which has been used in ransomware assaults, claims antivirus vendor Malwarebytes. RacoonStealer (Opens in a new window) , a malicious program that may steal passwords and other user credentials from a compromised PC, can also be installed by the same malicious malware.

The incident serves as a warning to be wary if your PC’s browser downloads an enigmatic file, even from what appears to be a reliable web security provider. Martin noted that malicious actors will use all means at their disposal to infiltrate computers and infect unknowing users with malware.

APPRECIATE WHAT YOU JUST READ? For direct delivery of our top privacy and security stories to your inbox, subscribe to the SecurityWatch newsletter.

Advertisements, discounts, and affiliate links could be found in this newsletter. You agree to our Terms of Use and Privacy Policy by subscribing to a newsletter. You are always free to unsubscribe from the newsletters.


You may also like