Sucuri, a GoDaddy-owned cybersecurity business, says hackers are employing phoney DDoS-protection pages to install malware.
Hackers hijack WordPress sites to display phoney DDoS pages. These sites then display a fake Cloudflare DDoS-protection pop-up, which downloads a malicious ISO file when the visitor clicks it.
The attack exploits the DDoS-protection pages that websites display to stop bots and other malicious web traffic from taking them down. To show they’re human, visitors must solve a CAPTCHA.
The fake DDoS-protection pages download a file called “security install.iso”. The WordPress site will then display a pop-up asking the user to install the ISO file to get a verification code.
“Most users don’t realise this file is a remote access trojan,” Martin stated. This allows a hacker to remotely take over a victim’s computer.
Malwarebytes says the ISO file is a ransomware infection named NetSupport RAT. The same malware can install Raccoon Stealer, which steals passwords and other user details.
Be wary when your PC’s browser downloads a suspicious file, even from a legitimate web security service. “Malicious actors will use any means available to compromise computers and infect victims,” Martin said.