A persistent, widespread malware campaign that utilizes compromised Apache servers is locking users’ computers and demanding a fee of US$300 to free their data.
Researchers from Eset wrote that the ransomware scam is an extension of a long-running attack that compromises the infrastructure of web hosting companies with a variant of a malicious Apache module called “Darkleech.”
“Malicious modification of server binaries seems to be a very popular trend for malware distribution,” wrote Sebastien Duquette, an Eset malware researcher, on a company blog.
Eset also suspects that hackers also may have figured out how to compromise CPanel and Plesk, which are both software programs used by hosting companies to manage their networks and websites.
Darkleech tampers with websites hosted on an Apache server. It loads an iframe into a web page and redirects a victim to a malicious URL that hosts the Blackhole exploit kit, Duquette wrote. Eset detected at least 270 websites that redirected victims this way in the last week.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
A worrying trend for Australians The Latitude Financial attack clearly…
It is not unusual for companies to keep hold of…
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…