As reported by Hacker News,
A new traffic direction system (TDS) called Parrot has been spotted leveraging tens of thousands of compromised websites to launch further malicious campaigns. Traffic direction systems are used by threat actors to determine whether or not a target is of interest and should be redirected to a malicious domain under their control and act as a gateway to compromise their systems with malware. What makes Parrot TDS stand out is its huge reach, with increased activity observed in February and March 2022, as its operators have primarily singled out servers hosting poorly secured WordPress sites to gain administrator access.
When the importance of updating devices and systems is drummed into us, it is no surprise that threat actors exploit this and have attempted to tap into this mindset and place the malware right in the patches. Browser updates are very important but users must still remain vigilant as to where these updates are coming from and in what format these such updates are in. People must remain very cautious of file extensions but especially .exe files which can often be the most damaging. This particular malware offers the malicious actors full remote access making this extremely dangerous should anyone execute the action. If anyone believes they have clicked on this, it is advised to run an antivirus scan.