    Saturday, November 23, 2019

    Fake software update tries to download malware even when you click 'later'


    Scammers are hacking websites to serve fake software update notifications to more than 100,000 web users, inviting them to download malware that can take control of their computer.

    The hacking campaign has two variants, according to the security company Zscaler, which detected it. In the first version, scammers hack unsecured WordPress sites by exploiting a theme plugin vulnerability and inject malicious redirect scripts into the compromised site. This allows them to display a fake Flash Player update alert on the compromised site, intended to entice visitors into starting a software update.

    If a user clicks the button labelled "Update", the script starts downloading the malware right away. Even if the user clicks the "Later" button, the redirect still occurs, and the user is led to download the malicious file from the same page.

    If installed, the Remote Access Trojan (RAT) malware sends information about the victim in an encrypted format to the attacker's site, allowing remote access to the victim's PC.

    "Once the installation is successful, it will send the acknowledgment with the details of the infected machine. As the installed malware is a RAT, the attacker can connect to the installed client, then perform the activities supported by the RAT, including downloading files / downloads and running," Zscaler told ZDNet.

    The attackers have tracked the number of visitors to the compromised websites, Zscaler said, and so far 113,000 unique users have been served the fake update pages. The Zscaler ThreatLabZ team has reportedly blocked more than 40,000 malicious attacks related to this campaign in the last three months.

    A variation of the attack occurs when a web user visits one of the compromised sites using the Chrome web browser. In this case, the user receives an alert indicating that the 'PT Sans' font has not been found, and is again asked to update.

    Keeping the content management systems that run websites up to date will prevent crooks from launching these attacks. "It is therefore important that companies protect this public face against an attack that could put your business, your employees and your customers at risk," said Zscaler.
