Deceptive landing pages for Microsoft Store, Spotify, and FreePdfConvert have been recently discovered. Attackers are using malicious advertising by promoting well-known and seemingly legitimate applications to lure users to impersonated sites in order to steal their personal information.
Subnet Mask Cheat SheetRecords Cheat SheetGeoDNS ExplainedFree Network TroubleshooterKnowledge BasePricing CalculatorLive CDN PerformanceVideo Demos
BlogsNewsPress ReleasesIT NewsTutorials
Give us your email and we'll send you the good stuff.
Tanya Valdez is a Technical Writer at Constellix. She makes the information-transfer material digestible through her own transfer of information to our customers and readers. Connect with her on LinkedIn.
Deceptive landing pages for Microsoft Store, Spotify, and FreePdfConvert have been recently discovered. Attackers are using malicious advertising to lure users to impersonated sites in order to steal their personal information. The advertisements promote well-known and seemingly legitimate applications. However, upon clicking the ad, the user is directed to the fraudulent web pages.
This malicious campaign was discovered by cybersecurity firm ESET that tweeted a warning about the findings and further advised the public that the targeted countries are located in South America. The tweet included screenshots of the fake Microsoft Store and Spotify pages.
One of the advertisements promoted an online Chess application that can be seen in the screenshot below.
When someone clicks on the ad, they are brought to the fake Microsoft Store page.
It is designed to be an online chess application named 'xChess 3' that is hosted by an Amazon AWS server. The downloaded zip file, 'xChess_v.709.zip' has been flagged as malicious on VirusTotal and is actually a download for 'Ficker', or 'FickerStealer,' an information-stealing exploit in disguise, as shown by this Any.Run report created by BleepingComputer. Similar advertisements from this malware campaign impersonate Spotify or an online document converter. When the user clicks on the ad to visit the site, they encounter the same experience as those who are led to the imitated Microsoft Store site.
Ficker malware is used by threat actors to steal saved credentials in web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients, details Bleeping Computer. The developer detailed the software capabilities on Russian-speaking hacker forums and offered it for rent for a one-week to a six-month timeframe. It was detailed to have the ability to steal passwords, cryptocurrency wallets, and documents and take screenshots of the victims’ computers as they are actively running the applications. The malicious software then compiles the gathered information as a zip file and transmits it back to the attacker.
Victims of this malware campaign are strongly recommended to change online passwords immediately, check firewalls for any suspicious port forwarding rules that may have been implemented, and check for additional malware by performing a thorough antivirus scan of their computers.
photo/thumbnail source: Kaspersky
Sign up for news and offers from Constellix and DNS Made Easy