DDoS-Protection Pages

WordPress DDoS-Protection Pages Serve Malware

DDoS-Protection Pages

Sucuri, a GoDaddy-owned cybersecurity business; says hackers are employing phoney DDoS-protection pages to install malware.

Hackers hijack WordPress sites to display phoney DDoS pages. Therefore, These sites display a fake Cloudflare DDoS-protection pop-up. The pop-up will download a malicious ISO file after they click it.

The assault exploits DDoS-protection pages that display on websites to stop bots and other malicious web traffic from taking them down. To show they’re human, visitors must solve a CAPTCHA.
In this example, hackers add JavaScript code to stolen WordPress sites to serve phoney DDoS-protection pages. “Because these browser checks are so common online, many users wouldn’t think twice before clicking,” Sucuri security researcher Ben Martin stated in a blog post.

More From Us:Dark Mode on MacOS Screen

Fake DDoS-protection pages download a file called “security install.iso” The WordPress site will then display a pop-up asking the user to install the ISO file to get a verification code.

“Most users don’t realise this file is a remote access trojan,” Martin stated. This allows a hacker to remotely take over a victim’s computer.
Malwarebytes says the ISO file is a ransomware infection named Netsupport RAT. The same malicious malware can install RacoonStealer, which steals passwords and other user details.

Be wary when your PC’s browser downloads a suspicious file, even from a legitimate web security service. “Malicious actors will use any means available to compromise computers and infect victims,” Martin said.

Leave a Comment

Your email address will not be published.