Researchers have discovered a new threat campaign by NetSupport RAT, linked to ransomware campaigns and downloads of data-stealing malware Racoon Stealer. This was designed to trick users into downloading malware capable of hijacking their machine.
The attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up.
The infected computer could be used to pilfer social media or banking credentials, detonate ransomware, or even entrap the victim into a nefarious ‘slave’ network, extort the computer owner, and violate their privacy all depending on what the attackers decide to do with the compromised device – warned researchers.
The security vendor urged webmasters to keep all software updated, use strong passwords and two-factor authentication, deploy a firewall in front of their website, and use file integrity monitoring to better spot suspicious activity.
Website owners and visitors alike must take all precautions to protect themselves.
Website owners:
- Keep all software on your website up to date
- Use strong passwords with MFA
- Place your website behind a firewall service
- Employ file integrity monitoring
Regular website visitors:
- Make sure your computer is running a robust antivirus program
- Place 2FA on all important logins
- Practice good browsing habits; don’t open strange files!
- Keep your browser and all software on your computer updated/patched
- Use a script blocker in your browser (advanced)
This research was done and documented by researchers from Sucuri
