Threat Management

Numerous websites impacted by Parrot TDS campaign

The Hacker News reports that more than 61,000 websites were impacted last year by the Parrot traffic detection system campaign, which Sucuri tracks as NDSW/NDSX; Avast had reported in April that the same campaign affected 16,500 websites. On compromised web servers hosting content management systems, all JavaScript files would be appended with malicious code, which is hidden through various obfuscation techniques, Sucuri researchers revealed. The code then introduces the attack's second phase, the execution of a PHP script that collects site visitor data and sends it to remote servers. Server-based JavaScript code then prompts the last stage of the attack, which usually involves the FakeUpdates downloader, also known as SocGholish.

"The NDSW malware campaign is extremely successful because it uses a versatile exploitation toolkit that constantly adds new disclosed and 0-day vulnerabilities. Once the bad actor has gained unauthorized access to the environment, they add various backdoors and CMS admin users to maintain access to the compromised website long after the original vulnerability is closed," said Sucuri researcher Denis Sinegubko.
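A defender-side check for the append-to-every-JavaScript-file pattern described above, as an added example that is not code from Sucuri, Avast or the original article: it compares a webroot against a known-good copy (for instance a clean CMS release) and flags files whose original content survives as a prefix with extra bytes after it. The function name, directory layout and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Constructed stand-in for an injected tail; not real campaign code.
TAIL = b";/* constructed stand-in for injected code */"

def classify_js(baseline_root, live_root):
    """Compare each .js file under live_root with its known-good copy.

    Returns {relative_path: (status, appended_bytes_or_None)} for files that
    differ. Status is 'appended', 'modified' or 'no-baseline'.
    """
    baseline_root, live_root = Path(baseline_root), Path(live_root)
    findings = {}
    for live in sorted(live_root.rglob("*.js")):
        rel = live.relative_to(live_root).as_posix()
        good = baseline_root / rel
        if not good.is_file():
            findings[rel] = ("no-baseline", None)  # file the clean copy never shipped
            continue
        data, core = live.read_bytes(), good.read_bytes().rstrip()
        if data.startswith(core):
            extra = data[len(core):].strip()
            if extra:  # original intact, something was added after it
                findings[rel] = ("appended", len(extra))
            # otherwise identical or a whitespace-only difference: not reported
        else:
            findings[rel] = ("modified", None)  # original bytes themselves changed
    return findings

def demo():
    """Build a small constructed baseline/webroot pair and classify it."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "baseline"), Path(tmp, "webroot")
        clean = {"js/app.js": b"function a(){return 1}\n",
                 "js/menu.js": b"var m=[];\n",
                 "js/lib.js": b"var v='1.0';\n"}
        for root in (good, live):
            (root / "js").mkdir(parents=True)
        for rel, body in clean.items():
            (good / rel).write_bytes(body)
            (live / rel).write_bytes(body)
        (live / "js/app.js").write_bytes(clean["js/app.js"] + TAIL)
        (live / "js/lib.js").write_bytes(b"var v='2.0';\n")
        (live / "js/extra.js").write_bytes(b"x=1")
        return classify_js(good, live)

if __name__ == "__main__":
    for path, (status, extra) in demo().items():
        print(f"{status:12} {path} {extra if extra is not None else ''}")
```

Many files reported as `appended` in one run, all carrying a tail of similar size, is the signal that matches the behaviour described here; a single `modified` file is more often a legitimate update.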
