Security News > 2022 > June > Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network

Parrot TDS was documented in April 2022 by Czech cybersecurity company Avast, noting that the PHP script had ensnared web servers hosting more than 16,500 websites to act as a gateway for further attack campaigns.

The goal of the JavaScript code is to kick-start the second phase of the attack, which is to execute a PHP script that's already deployed on the ever and is designed to gather information about a site visitor and transmit the details to a remote server.

The third layer of the attack arrives in the form of a JavaScript code from the server, which acts as a traffic direction system to decide the exact payload to deliver for a specific user based on the information shared in the previous step.

The most commonly used third-stage malware is a JavaScript downloader named FakeUpdates.

In 2021 alone, Sucuri said it removed Parrot TDS from nearly 20 million JavaScript files found on infected sites.

In the first five months of 2022, over 2,900 PHP and 1.64 million JavaScript files have been observed containing the malware.

News URL

https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html