WordPress sites hacked with malware-laden fake Cloudflare DDoS alerts TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. WordPress sites hacked with malware-laden fake Cloudflare DDoS alerts By Sead Fadilpašić published 23 August 2022 Scam opens victims up to data theft (Image credit: FrameStockFootages / Shutterstock) Audio player loading… Hackers are using a familiar distributed denial of service (DDoS (opens in new tab)) protection page to trick people into downloading malware (opens in new tab), researchers are saying. According to cybersecurity firm Sucuri, an unknown threat actor has been modifying poorly secured WordPress sites (opens in new tab) and adding a fake Cloudflare DDoS protection landing page. A DDoS attack works by sending large amounts of internet traffic to a website, overwhelming it and preventing actual users from accessing it. But DDoS protection pages don't usually require users to download anything. DDOS GUARD The landing page discovered by researchers tells the visitor to download an application called "DDOS GUARD", which will supposedly provide them with a code to enter into the site. However, the application would in fact download the NetSupport RAT, once a legitimate program for troubleshooting and tech support, since hijacked by cybercriminals and turned into a remote access trojan.Read more> Google says it has blocked another huge DDoS attack (opens in new tab) > Battle.net hit by huge DDoS attack (opens in new tab) > Get ultimate device protection with the very best antivirus (opens in new tab) Furthermore, the RAT also downloads an infostealer malware called Raccoon Stealer. This malware steals passwords and cookies, as well as any payment data stored in the browser, including cryptocurrency wallet credentials. It can also steal other types of data and take screenshots. As a result, the visitors would hand cybercriminals full access to their computer, and plenty of sensitive data. To defend against the campaign, BleepingComputer says, IT teams should check the theme files of their WordPress sites, as that's the most common infection point. Internet users, on the other hand, need to enable strict script blocking in their browser, even though if it meant losing most of website functionalities.These are the best endpoint protection (opens in new tab) services right now Via BleepingComputer (opens in new tab) Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie3Google Pixel Tablet is what Apple should've done ages ago4RTX 4090 too expensive? Nvidia resurrects another old favorite5More than one million credit card details leaked online1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2iPhone 15 tipped to come with an upgraded 5G chip3If this feature succeeds for Modern Warfare 2, Microsoft can't ignore it4Apple October launches: the new devices we might see this month5The Rings of Power episode 8 trailer feels like one big Sauron misdirect Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)