{
	"id": "76b0e4da-ea72-400f-8ad4-8bf0166b46ec",
	"created_at": "2026-04-06T00:08:17.737784Z",
	"updated_at": "2026-04-10T13:12:08.744975Z",
	"deleted_at": null,
	"sha1_hash": "d0c5527ca60933e6f66769c21b66b85c2a011b2e",
	"title": "Threatening Redirect Web Service Instills Malicious Campaigns In Over 16,500 Websites",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 730979,
	"plain_text": "Threatening Redirect Web Service Instills Malicious Campaigns In\r\nOver 16,500 Websites\r\nBy Dr. Hura Anwar\r\nPublished: 2022-04-10 · Archived: 2026-04-05 23:17:57 UTC\r\nSecurity researchers are raising the alarm about a threatening traffic direction system named Parrot.\r\nThe new redirect service is being outlined as the root cause of infecting more than 16,500 different servers playing\r\nhost to various sectors like universities, blogs, adult sites, and even local governments.\r\nThis new TDS has been known to redirect vulnerable victims that match a particular target profile towards\r\ndifferent sources on the web like malicious sites or phishing programs.\r\nThe actors running these malicious campaigns begin the process by purchasing the TDS so they can selectively\r\ncontrol the target that’s coming in while forwarding it to another location that has a similarly malicious theme.\r\nOn a routine basis, most TDS services are used by so those who belong to the marketing sector and that’s why\r\nthere are credible reports showing how similar campaigns were run in the recent past too.\r\nParrot has been reported as being detected by security analysts that are working for Avast. They have recently\r\nmade claims about how the campaign was used for FakeUpdate which used fake browsers to deliver update\r\nhttps://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html\r\nPage 1 of 2\n\nnotices about remote access trojans, better known as RATs.\r\nWhile the malicious incident may have been reported in February of this year, there are plenty of signs that show\r\nthat it was very active since October of 2021.\r\nThe security analysts also shed light on how users can distinguish the alarming Parrot TDS from a number of\r\nothers by how its far outreach and the number of target victims affected.\r\nIn addition, the analysts claim these malicious websites actually may not have too many similar findings other\r\nthan the fact that servers hosted some unsecured CMS websites.\r\nThe new malicious web in place is based on poor servers that were laid down by hackers who directed it to a\r\nnumber of locations through the parroting pattern.\r\nLast month alone, Avast was able to secure nearly 600,000 vulnerable targets through its diverse services,\r\ndisabling them from paying these infected areas a visit. And that just goes to show the huge potential of the Parrot\r\ngateway.\r\nCommon nations affected by Parrot included the likes of India, Singapore, Brazil, Indonesia, and the US too. But\r\nnew emerging details showed how Parrot can finetune its filters to target a particular user’s profile from hundreds\r\nof others.\r\nThey are known to achieve just that by forwarding the target to special URLs that have detailed network profiles\r\nand intricately designed software.\r\nAnd while the RAT initiative may be the main target for the TDS, security experts believe some of the affected\r\nservers actually serve as hosts for different phishing sites. And while their homepages may appear authentic like\r\nMicrosoft’s classic log-in, they are not. Therefore, users end up adding their credentials for accounts and become\r\ntargeted.\r\nBut is there a solution to this problem? Well, Avast has been generous enough to outline a few pointers worth a\r\nmention:\r\n1. Admins can scan their files using anti-virus software\r\n2. They should replace any JavaScript files with their originals\r\n3. Make use of the newest CMS version with extra plugins\r\n4. Keep an eye out for tasks that run automatically\r\n5. Make use of strong credentials for all accounts, including the use of 2FA where necessary\r\n6. Add any security plugins for vulnerable sites like WordPress\r\nRead next: A new malware FFDroider is hacking social media accounts by stealing browser data\r\nSource: https://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html\r\nhttps://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.digitalinformationworld.com/2022/04/threatening-redirect-web-service.html"
	],
	"report_names": [
		"threatening-redirect-web-service.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434097,
	"ts_updated_at": 1775826728,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d0c5527ca60933e6f66769c21b66b85c2a011b2e.pdf",
		"text": "https://archive.orkl.eu/d0c5527ca60933e6f66769c21b66b85c2a011b2e.txt",
		"img": "https://archive.orkl.eu/d0c5527ca60933e6f66769c21b66b85c2a011b2e.jpg"
	}
}