Security researchers have discovered a new threat campaign designed to trick users into downloading malware capable of hijacking their machine.
Discovered by Sucuri, the attacks begin with a malicious JavaScript injection designed to target WordPress sites, resulting in a fake Cloudflare DDoS protection pop-up.
These have become increasingly popular over recent years as website owners struggle to detect legitimate users from pervasive bot traffic.
“Since these types of browser checks are so common on the web many users wouldn’t think twice before clicking this prompt to access the website they’re trying to visit. However, the prompt actually downloads a malicious .iso file onto the victim’s computer,” Sucuri said in a blog post.
“What most users do not realise is that this file is in fact a remote access Trojan (RAT), currently flagged by 13 security vendors at the time of writing this article.”
The malware in question was identified as the NetSupport RAT, linked to ransomware campaigns and downloads of data-stealing malware RacoonStealer.
“The infected computer could be used to pilfer social media or banking credentials, detonate ransomware, or even entrap the victim into a nefarious ‘slave’ network, extort the computer owner, and violate their privacy – all depending on what the attackers decide to do with the compromised device,” warned Sucuri.
The security vendor urged webmasters to keep all software updated, use strong passwords and two-factor authentication, deploy a firewall in front of their website, and use file integrity monitoring to better spot suspicious activity.
“RATs are regarded as one of the worst types of infections that can affect a computer as it gives the attackers full control over the device,” Sucuri concluded.
“At that point, the victim is at their mercy. Website owners and visitors alike must take any and all precautions to protect themselves.”