Parrot is Used to Conduct Malicious Campaigns

Parrot TDS (Traffic Direction System) has infected various web servers hosting more than 16,500 websites, ranging from adult content sites, personal websites, university sites, and local government sites.

The situation discovered by Avast and is currently being used to run a campaign called FakeUpdate that distributes the NetSupport Remote Access Trojan (RAT) via fake browser update notifications.

FakeUpdate Campaign (From Avast’s post)

Parrot TDS acts as a gateway for further malicious campaigns to reach potential victims. Attackers buy TDS services to filter incoming traffic and send it to the final destination serving malicious content.

According to Avast analysts, activity in TDS servers increased in February 2022 by detecting suspicious JavaScript files on compromised web servers.

A detailed technical analysis shared by Avast here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s