"Malicious Web Redirect Scripts Stealth up to Hide on Hacked Sites"

Security researchers analyzed over 10,000 scripts used by the Parrot Traffic Direction System (TDS) and discovered an evolution involving optimizations that make malicious code more stealthy against security mechanisms. The cybersecurity company Avast discovered Parrot TDS in April 2022. The TLD is believed to have been active since 2019 as part of a campaign that targets vulnerable WordPress and Joomla sites with JavaScript code capable of redirecting users to a malicious location. According to Avast researchers, Parrot had infected at least 16,500 websites, suggesting a large-scale operation. The Parrot operators sell the traffic to threat actors, who then use it against those visiting infected sites. Targets are profiled and redirected to phishing pages or locations that deliver malware. This article continues to discuss findings regarding the Parrot TDS.

Bleeping Computer reports "Malicious Web Redirect Scripts Stealth up to Hide on Hacked Sites"

Submitted by grigby1

Submitted by Gregory Rigby on