Cloudflare Tunnel Trouble: Cybercriminals Turn Free Service Into RAT Haven
Researchers warn that threat actors are abusing the Cloudflare Tunnel service to distribute remote access trojans (RATs). Leveraging the TryCloudflare free service, malware campaigns are targeting various sectors with tax-themed emails and malicious .LNK files. The anonymity and reliability of TryCloudflare make it an attractive tool for cybercriminals.
Hot Take:
When life gives you tunnels, some folks choose to hide malware in them. Just when you thought the internet couldn’t get any “cloudier,” cybercriminals are now using Cloudflare’s Tunnel service to deliver their nasty surprises. Turns out, even digital bad guys appreciate a free lunch!
Key Points:
- Cloudflare’s Tunnel service is being abused by threat actors to distribute remote access trojans (RATs).
- The misuse was first detected in February and involves multiple RATs like AsyncRAT, GuLoader, VenomRAT, Remcos RAT, and Xworm.
- Threat actors are leveraging the TryCloudflare feature to create anonymous, temporary tunnels to host malicious payloads.
- Recent malware campaigns have targeted sectors such as law, finance, manufacturing, and technology.
- Cloudflare is actively working to disable malicious tunnels and encourages reporting of suspicious URLs.
Already a member? Log in here