Malicious web redirect scripts stealth up to hide on hacked sites

January 22, 2024 at 03:15PM

Security researchers found that the Parrot traffic direction system (TDS) is rapidly evolving and enhancing its malicious capabilities. It targets vulnerable WordPress and Joomla sites, infecting them and redirecting their users to malicious locations, with 16,500 websites affected. The TDS operators sell the traffic to threat actors, who profile the users and redirect them to phishing pages or deliver malware. The system’s evasive nature necessitates vigilance from website owners in detecting and preventing its activities.

Key takeaways from the article are:

1. The Parrot traffic direction system (TDS) has evolved, with optimizations that make its malicious code stealthier against security mechanisms.
2. The system targets vulnerable WordPress and Joomla sites, infecting websites to sell traffic to threat actors.
3. Security researchers have found that the Parrot TDS is still very active and its operators continue to work on making their JavaScript injections harder to detect and remove.
4. The Parrot TDS landing scripts have evolved through four distinct versions, with the latest version introducing enhanced obfuscation and complex code structures.
5. The core functionality of the landing script remains consistent despite additional obfuscation and changes in code structure.
6. Payload scripts responsible for performing user redirection have evolved through nine variants, with versions 4-9 featuring intricate obfuscation layers.
7. Website owners are advised to take specific measures, such as searching for rogue PHP files, scanning for specific keywords, and using firewalls and URL filtering tools to block malicious traffic.

These takeaways illustrate the evolution and threat posed by the Parrot TDS, highlighting the need for vigilance and proactive security measures for website owners.