April 8, 2022

Avast researchers have uncovered the activities of a new traffic direction system (TDS) called Parrot. Parrot, just like other TDS tools, is used to redirect victims to online resources and websites with malware.

According to the researchers, Parrot TDS is used for a campaign called FakeUpdate. FakeUpdate delivers remote access trojans (RATs) via fake browser update notifications.

While the campaign began in February 2022, Parrot activity began as early as October 2022, according to the researchers.

“One of the main things that distinguish Parrot TDS from other TDS is how widespread it is and how many potential victims it has. The compromised websites we found appear to have nothing in common, apart from servers hosting poorly secured CMS sites, like WordPress sites,” Avast’s report stated.

Most of the users affected by these malicious redirections were in Brazil, India, the United States, Singapore and Indonesia.

Admins with compromised web servers can remedy this by following Avast security tips. This includes scanning all files on the web server with an antivirus, replacing all JavaScript and PHP files on the web server with original files, and using the latest CMS version and plugins.

Other tips include checking for automatically running tasks, using unique and strong credentials for all services, and using some of the available security plugins for WordPress and Joomla.

The sources for this piece include an article in BleepingComputer.