Hackers are using fake WordPress DDoS pages to launch malware

Hackers are pushing the distribution of dangerous malware via WordPress websites through bogus Cloudflare distributed denial of service (DDoS) protection pages, a new report has found.


As reported by PCMag and Bleeping Computer, websites built on WordPress are being hacked by threat actors, with NetSupport RAT and a password-stealing trojan (RaccoonStealer) being installed if victims fall for the trick.



Cybersecurity firm Sucuri detailed how hackers are breaching WordPress sites that don’t have a strong security foundation in order to inject JavaScript payloads, which in turn display fake Cloudflare DDoS protection alerts.


When someone visits one of these compromised sites, the page prompts them to click a button to confirm the DDoS protection check. That click downloads a file named ‘security_install.iso’ to the visitor’s system.


From here, instructions ask the individual to open the infected file, which is disguised as a program called DDOS GUARD, and to enter a code.


Another file, security_install.exe, is present as well — a Windows shortcut that executes a PowerShell command via the debug.txt file. Once the file is opened, NetSupport RAT, a popular remote access trojan, is loaded onto the system. The scripts that run once the attackers have access to the PC also install and launch the Raccoon Stealer password-stealing trojan.


Originally shut down in March 2022, Raccoon Stealer made a return in June with a range of updates. Once successfully opened on a victim’s system, Raccoon 2.0 will scan for passwords, cookies, auto-fill data, and credit card details that are stored and saved on web browsers. It can also steal files and take screenshots of the desktop.


As highlighted by Bleeping Computer, DD ..
