October 6, 2022

TheCyberThrone

Thinking Security ! Always

Deploying RAT through Weaponizing DDoS Protection

Researchers have discovered a new threat campaign by NetSupport RAT, linked to ransomware campaigns and downloads of data-stealing malware Racoon Stealer. This was designed to trick users into downloading malware capable of hijacking their machine.

The attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up.

Advertisements

The infected computer could be used to pilfer social media or banking credentials, detonate ransomware, or even entrap the victim into a nefarious ‘slave’ network, extort the computer owner, and violate their privacy all depending on what the attackers decide to do with the compromised device – warned researchers.

The security vendor urged webmasters to keep all software updated, use strong passwords and two-factor authentication, deploy a firewall in front of their website, and use file integrity monitoring to better spot suspicious activity.

Website owners and visitors alike must take all precautions to protect themselves.

Website owners:

  • Keep all software on your website up to date
  • Use strong passwords with MFA
  • Place your website behind a firewall service
  • Employ file integrity monitoring

Regular website visitors:

  • Make sure your computer is running a robust antivirus program
  • Place 2FA on all important logins
  • Practice good browsing habits; don’t open strange files!
  • Keep your browser and all software on your computer updated/patched
  • Use a script blocker in your browser (advanced)

This research was done and documented by researchers from Sucuri

%d bloggers like this: