A new backdoor malware called BlackWater uses Cloudflare Workers as an interface to the malware’s command and control (C2) server. These Workers can be used to modify the output of a web site behind it. MalwareHunterTeam discovered a RAR file being distributed pretending to be information about the Coronavirus (COVID-19) called “Important – CO VID-19″” that uses a Word icon. The malware is then launched using a command line that causes the malware to connect to a. command line. This C2 will respond with a. JSON encoded string that may contain commands to execute when the malware connects to it.”
Source: https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/