Malicious Web Direct Service Infects 16,500 Sites To Spread Malware

Share post:

Avast researchers have uncovered the activities of a new traffic direction system (TDS) called Parrot. Parrot, just like other TDS tools, is used to redirect victims to online resources and websites with malware.

According to the researchers, Parrot TDS is used for a campaign called FakeUpdate. FakeUpdate delivers remote access trojans (RATs) via fake browser update notifications.

While the campaign began in February 2022, Parrot activity began as early as October 2022, according to the researchers.

“One of the main things that distinguish Parrot TDS from other TDS is how widespread it is and how many potential victims it has. The compromised websites we found appear to have nothing in common, apart from servers hosting poorly secured CMS sites, like WordPress sites,” Avast’s report stated.

Most of the users affected by these malicious redirections were in Brazil, India, the United States, Singapore and Indonesia.

Admins with compromised web servers can remedy this by following Avast security tips. This includes scanning all files on the web server with an antivirus, replacing all JavaScript and PHP files on the web server with original files, and using the latest CMS version and plugins.

Other tips include checking for automatically running tasks, using unique and strong credentials for all services, and using some of the available security plugins for WordPress and Joomla.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Nvidia unveils open-source AI model rivaling GPT-4

Nvidia has released NVLM 1.0, a powerful open-source artificial intelligence (AI) model that competes with proprietary systems like...

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways