"DDoS Protection Weaponized to Deliver RATs"

Security researchers at Sucuri have discovered a new threat campaign designed to trick users into downloading malware capable of hijacking their machines. The researchers stated that the attacks begin with a malicious JavaScript injection targeting WordPress sites, which results in a fake Cloudflare DDoS protection pop-up. The researchers noted that DDoS protection pages have become increasingly popular over recent years as website owners struggle to distinguish legitimate users from pervasive bot traffic. Because these types of browser checks are so common on the web, the researchers stated, many users wouldn’t think twice before clicking the prompt to access the website they’re trying to visit. However, the prompt actually downloads a malicious .iso file onto the victim’s computer. The researchers stated that most users do not realize that this file is a remote access Trojan (RAT), currently flagged by 13 security vendors. The researchers noted that the malware in question was identified as the NetSupport RAT, which has been linked to ransomware campaigns and to downloads of the data-stealing malware Raccoon Stealer. The researchers stated that the infected computer could be used to steal social media or banking credentials, detonate ransomware, or even entrap the victim into a nefarious ‘slave’ network, extort the computer owner, and violate their privacy. The researchers urged website admins to keep all software updated, use strong passwords and two-factor authentication, deploy a firewall in front of their website, and use file integrity monitoring to better spot suspicious activity. The researchers noted that RATs are regarded as one of the worst types of infections that can affect a computer, as they give the attackers full control over the device.

 

Infosecurity reports: "DDoS Protection Weaponized to Deliver RATs"

Submitted by Anonymous on