Security researchers are sounding the alarm about a threatening traffic direction system (TDS) named Parrot.
The new redirect service is described as the root cause of the infection of more than 16,500 different servers hosting sites across various sectors, such as universities, blogs, adult sites and even local governments.
This new TDS is known to redirect victims who match a particular target profile to other resources on the web, such as malicious sites or phishing programs.
Actors running these malicious campaigns begin by buying the TDS service so they can selectively filter incoming traffic and forward it to another location that has a similar malicious theme.
TDS services are routinely used by the marketing industry, which is why there are credible reports of similar campaigns having been conducted in the recent past.
Parrot was detected by security analysts who work for Avast. They recently reported that it was used for the FakeUpdate campaign, which used fake browser update notices to deliver Remote Access Trojans, better known as RATs.
Although the malicious activity may have been reported in February this year, there are many signs that it has been very active since October 2021.
Security analysts have also explained what distinguishes Parrot TDS from a number of others: the range of its reach and the number of targeted victims affected.
Analysts also say that the compromised websites may have little in common apart from their servers hosting some insecure CMS websites.
The malicious network is built on poorly secured servers that hackers set up to direct traffic to a number of locations via the Parrot pattern.
In the last month alone, Avast protected almost 600,000 vulnerable targets through its various services, preventing them from reaching these infected sites. That alone shows the huge potential of the Parrot gateway.
Countries commonly affected by Parrot included India, Singapore, Brazil, Indonesia, and the United States. But newly emerging details show how Parrot can fine-tune its filters to target a particular user’s profile among hundreds of others.
It is known to achieve this by forwarding the target to special URLs that have detailed network profiles and intricately designed software.
While the RAT campaign may be the primary use of the TDS, security experts believe that some of the affected servers also serve as hosts for various phishing sites. Their homepages may look authentic, like Microsoft’s classic login page, but they are not. Users end up entering their account credentials and become victims.
But is there a solution to this problem? Well, Avast has been generous enough to point out a few noteworthy tips:
- Administrators can scan their files using antivirus software
- Use the latest CMS version with additional plugins
- Keep an eye on tasks that run automatically
- Use strong credentials for all accounts, including using 2FA if needed
- Add security plugins for vulnerable sites like WordPress