While the technological revolution is boosting the world, it is also creating vulnerability issues. One of the most threatening and fastest-rising problems is hacking, or cybersecurity breaches. Recently, people have witnessed several security issues, including data theft and malware attacks.

It was also revealed that hackers have been exploiting several websites to deliver fake software update notices to more than 100,000 users in an attempt to trick them into downloading malware onto their systems.

How do the hackers trap the users?

As per the tech security company Zscaler, the hackers breached WordPress sites by exploiting a theme plugin vulnerability and infected the compromised sites with malicious redirect scripts. Through this process, the cybercriminals succeed in displaying a fake Flash Player update alert to trick users into starting a software update.

Once the website user clicks on the update button, it automatically downloads malicious files. The same thing happens if they click on the "Later" button, which takes them to the same page to download the malicious file.

A compromised WordPress site with the fake Flash Player update page. Zscaler

The game of RAT malware

Security researchers claimed that if the user agrees to download the malicious files, the Remote Access Trojan (RAT) malware, a program that includes a back door for administrative control over the target computer, sends the victim's information in an encrypted format to the threat actor's site, and the hacker will then have complete access to the user's computer.

Zscaler told ZDNet that after the successful installation process, "it will send the acknowledgement to the attacker with the details of the infected machine. Since the installed malware is a RAT, the attacker can connect to the installed client and then perform the activities supported by the RAT including file downloads/uploads and execution."

Zscaler also mentioned that, as of now, the hackers have sent fake updates to 113,000 unique users. The team of cybersecurity researchers added that it had blocked over 40,000 malicious attacks in the past three months.