• World CyberCon India
Cybersecurity News Firewall Daily

Hackers Target WordPress Sites with Fake Cloudflare DDoS Alerts

Hackers target WordPress with fake Cloudflare DDoS alert. Users asked to download and install ‘protective pages’ that were injected with remote access trojan malware.

Hackers Target WordPress Sites with Fake Cloudflare DDoS Alerts
  • PublishedAugust 24, 2022

Cybercriminals attacked several WordPress websites by sending fake CloudFlare DDoS pop-ups infected with remote access trojan malware. WordPress users were shown pop-ups that suggested downloading an update to protect their system. Upon downloading and installing the update, the infected files activated the trojan malware on the user’s device and multiple servers. The DDoS (distributed denial of service) messages on WordPress resulted from several JavaScript injections targeting the website.

Malware-infected pages

According to a report by website security and protection platform Sucuri, files injected with trojan malware popped up on the screen while using WordPress. The users were asked to open the file to get a verification code to access WordPress. A “personal verification code” was displayed on the screen that the user was asked to enter on the site. It was this file that contained the remote access trojan.

The fake CloudFlare DDoS prompts were downloaded in the form of .sio file. It installed the NetSupport RAT that enabled remote access to the system without the user’s knowledge. As per the report, the Raccoon stealer malware was injected to copy passwords, cookies, and autofill data from browsers. Interestingly, the file injected with the remote access trojan was flagged as “malicious” by several security vendors.

How DDoS Attacks impact users

The DDoS pop-ups displayed while trying to access WordPress can impact users in various ways, such as hacking their passwords, taking screenshots of online activities, changing system settings, selling bank details on the dark web, and slowing down entire networks, among others.

Preventives against DDoS pop-ups

Keeping all software up to date is one way for users or companies to safeguard their networks from fake DDoS pop-ups or similar DDoS attacks. Not clicking on fake DDoS pop-ups is very important; closing them as they appear is advised. A script blocker may also help block malicious files from running on user devices.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.


  • […] unsuspecting individuals. According to the research team, the malware steals information from the infected devices by using the commands from the TA’s Command and Control (C&C) server. Since […]

  • […] WordPress is a GUI-based CMS (Content Management System) that helps website owners upload and list content. Once an attacker gets administrator privileges, they can practically take control over the website and even add/remove the administrators from it. […]

Comments are closed.