Sites hacked with fake CloudFlare DDoS alerts infected with RATs

Remote Access Trojans (RATs) are new to me — apparently, you can get one on a Windows machine as a malware payload from fake CloudFlare DDoS alert pages on hacked WordPress sites.

Ben Martin at Sucuri explains “a recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware.”

Bill Toulas at BleepingComputer says additional scripts “will download the Raccoon Stealer password-stealing trojan and launch it on the device.”

Take care if you run into a site with a CloudFlare alert that seems sketchy. There’s not a lot else you can do. Toulas recommends “enabling strict script blocking settings” on your browser, which of course “will break the functionality of almost all sites.”

Post Status – The Community for WordPress Professionals
