Experts Find Malware Controlling Thousands of Websites in Parrot TDS Network

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

The Parrot traffic direction system (TDS) that surfaced recently had a huge impact than what was thought earlier, research suggests. The malware affected more than 61,000 websites and was one of the top infections. Parrot TDS was first identified in April 2022 by cybersecurity company Avast, the PHP script had affected web servers that hosted more than 16,500 websites, acting as a gateway for future malware campaigns. It includes appending a part of infected code to all JavaScript files on affected web servers that host content management systems (CMS) like WordPress, these are attacked because of their weak login credentials and flawed plugins. 

“In 2021 alone, Sucuri said it removed Parrot TDS from nearly 20 million JavaScript files found on infected sites. In the first five months of 2022, over 2,900 PHP and 1.64 million JavaScript files have been observed containing the malware,” reports The Hacker News. Alongside the use of sneaky techniques to hide the code, the “injected JavaScript may also be found well indented so that it looks less suspicious to a casual observer,” said Denis Sinegubko, expert at Sucuri says. 

The aim of the JavaScript code is to jump-start the second phase of the attack, to deploy a PHP script that has been already injected on the server and is built to obtain information about website visitor, (for ex- IPs, browser, referrer, etc.) and send the details to a remote server. The third phase of the attack surfaces as a Javascript code, it works as a traffic direction system to find out the specific payload to send for a particular user based

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: