Researchers discover widespread abuse of free popular VPN alternative for malware delivery


New research has disclosed an alarming increase in the abuse of TryCloudflare Tunnels for financially-motivated malware delivery.

Initial observations of the attacks in February 2024 by cybersecurity firm Proofpoint were followed by an increase in cases, signifying an emerging trend.

The primary payload observed in these campaigns is XWorm, a notorious remote access trojan (RAT), but AsyncRAT, VenomRAT, GuLoader and Remcos have also been observed.

TryCloudflare Tunnels hijacked

Threat actors are leveraging temporary Cloudflare instances to execute attacks using helper scripts, which Proofpoint says complicates traditional security measures by making the threats harder to both detect and prevent.

Proofpoint tracking revealed cybercriminals are exploiting the TryCloudflare feature to establish one-time tunnels, which act similarly to VPNs or SSH protocols. Typically, attacks involve messages containing URLs or attachments leading to an internet shortcut file.

Unknowing victims clicking on the link will connect to an external file share and download an LNK or VBS file, which executes a BAT or CMD file. The malicious files ultimately download a Python installer package and scripts that install the malware.
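A triage check for the internet shortcut files described above, as an added example that is not from Proofpoint or the original article. The function name, the sample file contents and the tunnel hostname are constructed for illustration; `.trycloudflare.com` is the hostname suffix used by TryCloudflare tunnels.

```python
import configparser
from pathlib import PurePosixPath
from urllib.parse import unquote, urlparse

TUNNEL_SUFFIX = ".trycloudflare.com"           # suffix of TryCloudflare tunnel hostnames
STAGE_EXTS = {".lnk", ".vbs", ".bat", ".cmd"}  # file types named in the article's chain

def triage_shortcut(text):
    """Return a list of findings for the contents of one .url shortcut file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
        url = urlparse(cp.get("InternetShortcut", "URL").strip())
        host = (url.hostname or "").lower().rstrip(".")
    except (configparser.Error, ValueError):
        return ["unparseable: no usable [InternetShortcut] URL entry"]
    findings = []
    # Require the leading dot so look-alike domains do not match.
    if host.endswith(TUNNEL_SUFFIX):
        findings.append("host is a TryCloudflare tunnel")
    # A file:// URL with a hostname points at a remote share, not a local path.
    if url.scheme.lower() == "file" and host:
        findings.append("file:// target on a remote host (external file share)")
    if PurePosixPath(unquote(url.path)).suffix.lower() in STAGE_EXTS:
        findings.append("target is a script or shortcut file")
    return findings

# Constructed samples: the hostnames and paths below are made up.
SAMPLE_SUSPICIOUS = (
    "[InternetShortcut]\n"
    "URL=file://constructed-sample-name.trycloudflare.com/share/invoice%202024.lnk\n"
)
SAMPLE_BENIGN = "[InternetShortcut]\nURL=https://www.example.com/docs/index.html\n"

if __name__ == "__main__":
    for name, body in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, "->", triage_shortcut(body) or "no findings")
```

Run it over `.url` attachments at the mail gateway or on files collected from endpoints; any finding is a reason to hold the file for review rather than proof of compromise.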

Recently, more than 1,500 messages were seen to have targeted a range of sectors, including finance, manufacturing and technology.

Although the attacks have not been attributed to a specific threat actor, research is ongoing.

The company also offered some guidance as to how businesses can prevent these types of attacks. By restricting Python usage where unnecessary and safeguarding against external file-sharing services, Proofpoint says that organizations stand a much better chance of avoiding the malware.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!