Avast Blog_Security News: Iranian hackers host malicious ‘Hire Military Heroes’ site

[harlan4096]

Plus, attackers target Tibetan leadership with spyware, a phishing scam snaps up your Instagram credentials, and YouTube is hit with a massive wave of account hijacks

A new website titled Hire Military Heroes pretends to help U.S. veterans find jobs, but cybersecurity researchers have discovered it to be a malicious site run by an Iranian nation-state hacking group. Dark Reading reports the group is called Tortoiseshell, while some experts believe they are actually the infamous Imperial Kitten hacking group. The phony site prompts visitors to download an app, which is actually a malicious downloader that plants malware in the user’s system. The malware then collects a wealth of information about the victim’s network, including hardware details, system configuration, and other admin data. It is unclear how the group is sourcing or luring its victims, but the backdoor created by the malware allows the group to spy on American military veterans while gathering personal information about them. Avast Security Evangelist Luis Corrons says these actions may lead to further data theft. “These are social engineering tactics targeting a specific social group, probably to gather certain information they need to perform further attacks.”

This week’s stat

The FAA predicts there will be between 1.3 million and 1.7 million hobby drones in the U.S. by 2023. Read more on drones.

Dalai Lama team targeted with spyware

Using WhatsApp, a hacker group targeted Tibetan leadership with messages falsely claiming to be from nonprofit activist groups like Amnesty International. The messages contained malicious links that if clicked would infect their devices with spyware. Business Insider reports that over the past two years Tibetan officials, including some who work for the Dalai Lama, received messages from hackers. Some of the attackers posed as activists – and in one instance a New York Times reporter – who wanted to share photo and video evidence of human rights violations in China. A link the attackers sent purported to lead to this evidence, but actually downloaded spyware on their iOS or Android devices. Fortunately, none of the intended targets were compromised by the scam as all their devices had already been updated with the latest security protections that detected and neutralized the spyware. “In some regions and situations where certain people are likely to be targeted, users have to be extra careful,” said Avast’s Corrons. “Never click on links or open files that come from people you do not trust. And even messages that appear to come from trusted people should be scrutinized. Make sure the sender actually sent the message.”

This week’s quote

“When you can fully recover a company’s IT infrastructure after a devastating fire, that says a lot about proactive service.” – Frank Zamarelli, Salem Computer Center, on helping a grain mill after a disaster. Read more on SMB cybersecurity.

Instagram users targeted with phony copyright notice

Researchers are warning Instagram users of a new phishing scam that falsely threatens account suspension due to copyright infringement. According to Bleeping Computer, users are presented with a fake, albeit official-looking, notice claiming that copyrighted material was found in their Instagram posts and that they have 24 hours to dispute the charge before their account is suspended. The fraudulent notice baits users to click a “Copyright Objection Form” button which directs them to the phishing landing page. There, they are prompted to enter their login credentials which are sent to the attackers. Experts warn that even savvy users may fall for the scam because the attackers took pains to make their message look legitimate, using official Instagram colors and font, an HTTPS certificate that provides the green padlock in the browser address bar, and a domain name that features the words “instagram” and “copyright infringement.”
...

Continue Reading