Attackers leverage Cloudflare tunnels to obscure malware distribution
- by nlqip
Cybercriminals regularly abuse free services to host malware or to set up command-and-control (C2) infrastructure because they know connections to such services won’t raise suspicion inside networks. Such is the case with TryCloudflare.com, which was recently abused in a widespread campaign to deliver remote access trojans (RATs).
TryCloudflare is a tunneling feature that enables users to proxy traffic through Cloudflare’s content delivery network. The recent campaigns, independently observed this year and reported this week by researchers from security firms Proofpoint and eSentire, involved phishing emails that resulted in the download of multiple malware families, including XWorm, VenomRAT, PureLogs Stealer, AsyncRAT, GuLoader and Remcos.
“Campaign message volumes range from hundreds to tens of thousands of messages impacting dozens to thousands of organizations globally,” researchers from Proofpoint wrote in their report. “In addition to English, researchers observed French, Spanish, and German language lures. […] Lure themes vary, but typically include business-relevant topics like invoices, document requests, package deliveries and taxes.”
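For defenders, the practical consequence is that egress logs need an explicit check for tunnel hostnames, since the traffic otherwise blends in with ordinary Cloudflare connections. The sketch below is an added example, not code from Proofpoint, eSentire or Cloudflare; it assumes tunnel hostnames are subdomains of trycloudflare.com (the domain named above) and uses a constructed four-field proxy log format with constructed hostnames and addresses.

```python
from collections import defaultdict
from urllib.parse import urlsplit

TUNNEL_SUFFIX = "trycloudflare.com"  # domain named in the article

# Constructed sample lines; assumed format: timestamp client_ip method target
SAMPLE_LOG = """\
2024-08-01T09:14:02Z 10.0.4.17 GET https://example-words-here.trycloudflare.com/a
2024-08-01T09:14:09Z 10.0.4.17 GET https://EXAMPLE-words-here.TryCloudflare.com./b
2024-08-01T09:15:40Z 10.0.7.3 CONNECT other-sample-name.trycloudflare.com:443
2024-08-01T09:16:11Z 10.0.7.9 GET https://trycloudflare.com.example.net/login
2024-08-01T09:17:30Z 10.0.7.9 GET https://nottrycloudflare.com/
2024-08-01T09:18:00Z 10.0.2.2 GET https://www.cloudflare.com/
malformed line
"""

def extract_host(target):
    """Return the lowercase hostname from a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit treat host:port as a netloc
    try:
        host = urlsplit(target).hostname  # .hostname is already lowercased
    except ValueError:
        return None
    return host.rstrip(".") if host else None  # drop a trailing root dot

def is_tunnel_host(host):
    """Match on a label boundary so lookalike domains do not count."""
    return host == TUNNEL_SUFFIX or host.endswith("." + TUNNEL_SUFFIX)

def find_tunnel_clients(log_text):
    """Map each client IP to the sorted tunnel hostnames it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, target = fields
        host = extract_host(target)
        if host and is_tunnel_host(host):
            hits[client].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}

if __name__ == "__main__":
    for client, hosts in find_tunnel_clients(SAMPLE_LOG).items():
        print(client, hosts)
```

A match is a triage lead, not a verdict: the service is free and also sees legitimate use, so correlate hits with what was downloaded and which process made the request.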