This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Threat actors responsible for the BazaLoader malware designed a brand-new bait to trick website owners into opening malicious files: fake notifications concerning the internet site being engaged in distributed denial-of-service (DDoS) assaults.
The notifications contain a legal risk and a file stored in a Google Drive directory that supposedly provides evidence of the source of the strike.
Phony lawful threats
The DDoS theme is a variation of another bait, a Digital Millennium Copyright Act (DMCA) infringement complaint, link to data that allegedly includes documentation of copyright infringement.
Brian Johnson, a website developer, and designer posted last week concerning his two clients receiving legal notifications about their websites being actually hacked to operate DDoS assaults versus a major company (Intuit, Hubspot). The sender was threatened with a lawsuit unless the recipients failed to “immediately clean” their website of the malicious files that assisted in deploying the DDoS attack.
Scammers Use Fake DMCA Complaints, DDoS Threats to Deploy BazaLoader Malware