Tens of thousands of websites have been hacked. Cybercriminals are tricking victims into downloading malware by telling them their browsers are outdated and need to be updated in order to view the contents of the page.
Avast cybersecurity researchers Jan Rubin and Pavel Novak uncovered a phishing campaign in which an unknown threat actor compromised more than 16,000 WordPress and Joomla hosted websites with weak login credentials.
These are usually adult content websites, personal websites, university sites, and local government pages.
Thousands of Websites Hacked – But How?
After gaining access to these sites, the attackers would typically set up a Traffic Direction System (TDS) known as Parrot TDS. A TDS is a web-based gate that redirects users to various content, depending on certain parameters. That allows the attackers to deploy malware only on the endpoints that are deemed a good target (poor cybersecurity measures, for example, or specific geographic locations).
Those who get the message to “update” their browser will actually be served a Remote Access Trojan (RAT) called NetSupport Manager, which gives the attacker full access to the target endpoint.
“Traffic Direction Systems serve as a gateway for the delivery of various malicious campaigns via the infected sites,” said Jan Rubin, malware researcher at Avast. “At the moment, a malicious campaign called ‘FakeUpdate’ (also known as SocGholish) is being distributed via Parrot TDS, but other malicious activity could be performed in the future via the TDS.”
Besides being powered by either WordPress or Joomla, these websites have very little in common, which is why the researchers believe they were chosen for their weak passwords.
“The only thing the sites have in common is that they are WordPress and in some cases Joomla sites. We therefore suspect weak login credentials were taken advantage of to infect the sites with malicious code,” said Pavel Novak, ThreatOps Analyst at Avast. “The robustness of Parrot TDS and its huge reach make it unique.”
It’s common knowledge that the internet can be a dangerous place. If people aren’t cautious, they can fall victim to cyber attacks. Here are some of the best practices you should follow to stay safe online.
- Only visit websites that you know are safe or that you trust.
- Be wary of pop-ups.
- Don’t click on anything unfamiliar.
- Make sure the URL (the address of the website) matches the website you intend to visit.
If you want to ensure the safety of your family and loved ones on the internet, look no further! Cleanrouter’s wifi router is the only router you will need for all your parental control needs. It’s a safe router that offers features like wifi filters, parental controls, wifi access control, and router controls. It even lets you set time restrictions, get email reports, and block content by keywords and YouTube filters.