Scammers use XSS vulnerability to trick Facebook users

File_closed07

Criminals use Facebook to distribute malicious links that redirect users to fraudulent sites.


Security researchers at Malwarebytes have reported a large browser-locker campaign targeting Facebook users. The attackers abuse a cross-site scripting (XSS) vulnerability on a popular news site to redirect their victims to fraudulent web pages.

A browser locker is a redirection scam: the user clicks a link to one site but instead lands on a page warning that the computer has been infected with malware. The attacker-controlled page usually tells the user to call a specific number for "technical support". Criminals posing as support staff then demand a fee to remove the non-existent malware from the user's device.

In this massive campaign, the researchers say, criminals use Facebook to spread malicious links that redirect users to fraudulent sites; the links are also distributed through Facebook games. Facebook shows a pop-up asking the user to confirm leaving the site, but the real destination is hidden because the link is a shortened URL. In total, the researchers identified 50 different links used in the scam.

The URLs redirect victims to RPP, a Peruvian news website. The site contains an XSS vulnerability that can be abused as an open redirect to the fake pages.

"Attackers love to abuse open redirects because it lends legitimacy to the URLs they send to victims," the researchers note.
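The post does not say how the RPP flaw is triggered, so the following is an added illustration rather than code from the original post, from Malwarebytes or from RPP. It shows the usual shape of the bug: a client-side "return to" redirect that trusts a URL parameter, which is exactly what lets a link carrying a trusted domain land the victim on a scam page. Beside it is a hardened version that only accepts same-origin targets. The parameter name `next`, the origin `https://news.example` and the function names are assumptions for the example.

```javascript
// Added example (not the news site's real code). The site origin and the
// `next` parameter are assumptions chosen for the illustration.
const SITE_ORIGIN = "https://news.example";

// Vulnerable form: whatever is in ?next= becomes the navigation target.
// A link such as https://news.example/?next=https://short.example/abc
// carries the trusted domain but sends the victim somewhere else entirely.
function unsafeRedirectTarget(search) {
  const next = new URLSearchParams(search).get("next");
  return next; // caller does: if (next) location.href = next;
}

// Hardened form: resolve the parameter against the site's own origin and
// accept only http(s) URLs that stay on that origin. Anything else falls
// back to the site root.
function safeRedirectTarget(search, origin = SITE_ORIGIN) {
  const raw = new URLSearchParams(search).get("next");
  if (!raw) return "/";

  let target;
  try {
    // Relative paths ("/noticias/1") resolve to our own origin;
    // absolute and protocol-relative URLs ("//evil.example") keep theirs.
    target = new URL(raw, origin);
  } catch (e) {
    return "/"; // unparsable input is not a redirect target
  }

  // Drops javascript:, data: and other non-web schemes.
  if (target.protocol !== "https:" && target.protocol !== "http:") return "/";

  // Drops //evil.example, https://short.example/..., user@host tricks and
  // look-alike hosts such as news.example.evil.example.
  if (target.origin !== new URL(origin).origin) return "/";

  // Return a same-origin path only, so even a matching host cannot smuggle
  // in a different scheme or port.
  return target.pathname + target.search + target.hash;
}
```

The origin comparison is done on the parsed URL rather than on the raw string: prefix checks such as `raw.startsWith("https://news.example")` are defeated by `https://news.example.evil.example`, and `URLSearchParams` already decodes `%2F%2Fevil.example` back into a protocol-relative URL before the check runs.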

"The malicious site shows an animation that simulates scanning the current system files and threatens to remove the hard drive after five minutes. Of course, this is all fake, but it looks convincing enough for some people to call a toll-free number for help," the experts said.

The campaign used many phone numbers as well as many landing pages: the researchers found nearly 40 different numbers, and there could be many more.