A new backdoor malware called BlackWater pretending to be COVID-19 information while abusing Cloudflare Workers as an interface to the malware’s command and control (C2) server.
Cloudflare Workers are JavaScript programs that run directly on Cloudflare’s edge so that they can interact with connections from remote web clients. These Workers can be used to modify the output of a web site behind Cloudflare, disable Cloudflare features, or even act as independent JavaScript programs running on the edge that displays output.
For example, a Cloudflare Worker can be created to search for text in a web server’s output and replace words in it or to simply output data back to a web client.