Tanya Valdez is a Technical Writer at Constellix. She makes the information-transfer material digestible through her own transfer of information to our customers and readers. Connect with her on LinkedIn.
http://www.linkedin.com/in/tanya-valdez
Deceptive landing pages impersonating the Microsoft Store, Spotify, and FreePdfConvert have recently been discovered. Attackers are using malicious advertising (malvertising) to lure users to the impersonated sites and steal their personal information. The advertisements promote well-known, seemingly legitimate applications; when the user clicks the ad, however, they are sent to the fraudulent page instead of the real one.
The campaign was discovered by the cybersecurity firm ESET, which tweeted a warning about the findings and advised that the targeted users are located in South America. The tweet included screenshots of the fake Microsoft Store and Spotify pages.
One of the advertisements promoted an online Chess application that can be seen in the screenshot below.
When someone clicks on the ad, they are brought to the fake Microsoft Store page.
The page is built around an online chess application named 'xChess 3', with the download hosted on an Amazon AWS server. The downloaded archive, 'xChess_v.709.zip', has been flagged as malicious on VirusTotal. Rather than a chess game, it delivers 'Ficker' (also called 'FickerStealer'), an information-stealing malware, as shown by an Any.Run report created by BleepingComputer. Other advertisements from the same campaign impersonate Spotify or an online document converter, and users who click them are taken through the same sequence as those led to the imitated Microsoft Store site.
According to BleepingComputer, Ficker is used by threat actors to steal credentials saved in web browsers, in desktop clients such as Pidgin, Steam, and Discord, and in FTP clients. Its developer advertised the software on Russian-speaking hacker forums and offered it for rent for periods ranging from one week to six months. It is advertised as able to steal passwords, cryptocurrency wallets, and documents, and to take screenshots of the victim's computer while applications are running. The malware then bundles the collected data into a zip archive and sends it back to the attacker.
Victims of this campaign should change their online passwords immediately, preferably from a device that was not involved in the infection, since the stealer harvests credentials saved in the browser. Because Ficker also targets cryptocurrency wallets, any wallet stored on the affected machine should be treated as compromised and its funds moved to freshly generated keys. They should also check their firewalls for any suspicious port-forwarding rules that may have been added, and look for additional malware by running a thorough antivirus scan of the computer.
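As an added example, not taken from the original post, from ESET, or from BleepingComputer, the following PowerShell commands carry out the checks above on a Windows host: hashing the downloaded archive so it can be looked up on VirusTotal without uploading it, listing port-forwarding (portproxy) rules and non-built-in inbound firewall rules, and running a full Microsoft Defender scan. The archive path is an assumption based on the campaign's file name; the Run-key and scheduled-task review goes slightly beyond the page's checklist, as a standard place to look when checking for additional malware.

```powershell
# Added example, not part of the Constellix post: post-infection triage on Windows.
# Run from an elevated (Administrator) PowerShell session. The archive path below
# is an assumption based on the campaign's file name; adjust it to where the file landed.

$suspectArchive = Join-Path $env:USERPROFILE 'Downloads\xChess_v.709.zip'

# 1. Hash the downloaded archive so it can be checked on VirusTotal by SHA-256
#    (paste the hash into the VirusTotal search box) without uploading the file.
if (Test-Path $suspectArchive) {
    Get-FileHash -Algorithm SHA256 -Path $suspectArchive | Format-List
}

# 2. Port-forwarding rules. Windows keeps these in the netsh "portproxy" table; a
#    clean workstation normally has none, so any entry here needs an explanation.
Write-Host '--- portproxy rules (expect none on a normal workstation) ---'
netsh interface portproxy show all

# 3. Enabled inbound firewall rules that allow traffic and do not belong to a
#    built-in rule group. Review each one; rules you did not create are suspect.
Write-Host '--- enabled inbound allow rules outside built-in groups ---'
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { -not $_.Group } |
    Select-Object DisplayName, Profile, Description |
    Format-Table -AutoSize

# 4. Common persistence locations for follow-on malware (beyond the page's list,
#    but part of any "check for additional malware" pass).
Write-Host '--- Run keys ---'
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Select-Object * -ExcludeProperty PS*
    }
}
Write-Host '--- scheduled tasks not authored by Microsoft ---'
Get-ScheduledTask |
    Where-Object { $_.Author -and $_.Author -notlike 'Microsoft*' } |
    Select-Object TaskName, TaskPath, State, Author |
    Format-Table -AutoSize

# 5. Update signatures and run a full Microsoft Defender scan.
Update-MpSignature
Start-MpScan -ScanType FullScan
```

Each step only reads state or runs Defender; nothing is deleted automatically, so an unexpected portproxy entry, firewall rule, or Run-key value can be recorded as evidence before it is removed. Passwords should still be changed from a separate, clean device rather than from the host being triaged.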
photo/thumbnail source: Kaspersky