The Parrot traffic direction system(TDS), which was reported earlier this year, had a more profound impact than thought before, research stated.
Since February 2019, Sucuri has been following the campaign under the name “”NDSW/NDSX” and stated that “the malware was one of the top infections” identified in 2021, accounting for more than 61,000 websites.
Avast, a Czech cybersecurity company, chronicled Parrot TDS in April 2022; Avast observed that the PHP script had trapped and turned web servers, which hosted more than 16,500 websites, into a gateway for launching further attacks.
“The NDSW malware campaign is extremely successful because it uses a versatile exploitation toolkit that constantly adds new disclosed and 0-day vulnerabilities,” Sinegubko explained.
“Once the bad actor has gained unauthorized access to the environment, they add various backdoors and CMS admin users to maintain access to the compromised website long after the original vulnerability is closed.”