Crooks using hacked websites to download trojan malware

Last week, we issued an alert about a fake Windows update delivering ransomware. Now, cyber-crooks upped their game by hacking into legitimate WordPress websites, injecting redirect scripts, and displaying fake Flash Player update alerts.

According to ZDNet, if the user clicks the “Update” or “Later” buttons, the script takes the target to a fake download page to transfer the Trojan malware to the victim’s computer.

The malware is a Remote Access Trojan or RAT and allows the attacker to connect to the victim’s computer to perform file downloads, uploads, etc. So far, during the past three months, over 113,000 users have been served fake alerts.

There are two ways to protect ourselves from this attack:

First – Website owners must make sure the Content Management Systems (CMS) for their sites are fully updated. Attackers are gaining entry through systems that have not been updated.

Second – As users, you should not be updating any software on your computer via a website pop-up.  For third party software, either use the update facilities from the program already installed on your computer or visit the official third party’s site to download and install the update.

Remote Access Trojans (RATs) are a particularly nasty type of malware, giving attackers a backdoor to a target’s computer. Once in, a cyber-criminal can gain administrative control, distribute viruses, steal information, and gain entry to the entire network.

 XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause. Backup & Disaster Recovery | Business Continuity | Data Risk Assessment