
Malicious Campaign Includes Fake Spotify and Microsoft Store Sites

April 21, 2021

Deceptive landing pages for Microsoft Store, Spotify, and FreePdfConvert have been recently discovered. Attackers are using malicious advertising by promoting well-known and seemingly legitimate applications to lure users to impersonated sites in order to steal their personal information.


Tanya Valdez is a Technical Writer at Constellix. She makes the information-transfer material digestible through her own transfer of information to our customers and readers. Connect with her on LinkedIn: http://www.linkedin.com/in/tanya-valdez

Deceptive landing pages for Microsoft Store, Spotify, and FreePdfConvert have been recently discovered. Attackers are using malicious advertising to lure users to impersonated sites in order to steal their personal information. The advertisements promote well-known and seemingly legitimate applications. However, upon clicking the ad, the user is directed to the fraudulent web pages.

This malicious campaign was discovered by cybersecurity firm ESET, which tweeted a warning about the findings and advised the public that the targeted countries are located in South America. The tweet included screenshots of the fake Microsoft Store and Spotify pages.

Application Hosted by Amazon AWS Server 

One of the advertisements, shown in a screenshot in the original post, promoted an online chess application.

When someone clicks on the ad, they are brought to the fake Microsoft Store page. 

The page presents an online chess application named 'xChess 3' that is hosted by an Amazon AWS server. The downloaded zip file, 'xChess_v.709.zip', has been flagged as malicious on VirusTotal and is actually a download for 'Ficker', or 'FickerStealer', information-stealing malware in disguise, as shown by an Any.Run report created by BleepingComputer. Similar advertisements from this malware campaign impersonate Spotify or an online document converter. When the user clicks on the ad to visit the site, they encounter the same experience as those who are led to the imitated Microsoft Store site.
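The delivery chain described above (ad click, brand-impersonating landing page, archive download) can be hunted for in web proxy logs. The following is an added example, not code from the article, ESET or BleepingComputer; the tab-separated log format, the official-domain list and every `*.example` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Brands named in the article -> official domains (assumed list; extend as needed).
OFFICIAL = {
    "microsoft": ("microsoft.com",),
    "spotify": ("spotify.com",),
    "freepdfconvert": ("freepdfconvert.com",),
}
ARCHIVE = re.compile(r"\.(zip|rar|7z|iso)$", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none (e.g. '-')."""
    return (urlsplit(url).hostname or "").lower()

def impersonated_brand(host):
    """Return the brand a host names without being on that brand's domain."""
    squashed = host.replace("-", "")
    for brand, domains in OFFICIAL.items():
        official = any(host == d or host.endswith("." + d) for d in domains)
        if brand in squashed and not official:
            return brand
    return None

def triage(log_lines):
    """Flag archive downloads referred by a brand-impersonating page.
    Line format (assumed): timestamp, client, URL, referrer, tab-separated."""
    hits = []
    for line in log_lines:
        ts, client, url, referrer = line.rstrip("\n").split("\t")
        path = urlsplit(url).path
        brand = impersonated_brand(host_of(referrer))
        if ARCHIVE.search(path) and brand:
            hits.append((ts, client, brand, host_of(url), path.rsplit("/", 1)[-1]))
    return hits

# Constructed sample log; *.example hosts are placeholders, not real indicators.
SAMPLE = [
    "2021-04-20T10:01:00Z\t10.0.0.5\thttps://files.cloud-host.example/xChess_v.709.zip\thttps://microsoft-store.example/xchess3",
    "2021-04-20T10:02:00Z\t10.0.0.6\thttps://download.microsoft.com/tool.zip\thttps://www.microsoft.com/en-us/download",
    "2021-04-20T10:03:00Z\t10.0.0.7\thttps://spotify-premium.example/index.html\thttps://spotify-premium.example/",
    "2021-04-20T10:04:00Z\t10.0.0.8\thttps://free-pdf-convert.example/converter_setup.zip\thttps://free-pdf-convert.example/",
    "2021-04-20T10:05:00Z\t10.0.0.9\thttps://files.cloud-host.example/archive.zip\t-",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A hit is a lead for review rather than a verdict: the substring match can catch legitimate partner or fan sites, and downloads with a stripped referrer are missed.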

What Is Ficker Malware?

Ficker malware is used by threat actors to steal saved credentials in web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients, according to BleepingComputer. The developer described the software's capabilities on Russian-speaking hacker forums and offered it for rent for periods ranging from one week to six months. It was advertised as able to steal passwords, cryptocurrency wallets, and documents, and to take screenshots of the victims' computers as they are actively running the applications. The malicious software then compiles the gathered information as a zip file and transmits it back to the attacker.

Victims of this malware campaign are strongly advised to change online passwords immediately, check firewalls for any suspicious port forwarding rules that may have been implemented, and check for additional malware by performing a thorough antivirus scan of their computers.

photo/thumbnail source: Kaspersky
