A very large hacking campaign has penetrated government and college sites in the US, ultimately delivering dangerous malware. The criminal groups are defacing the sites by uploading hacking tutorials for popular online services. When visitors open them and click on the links, they are redirected to a virus download which infects their computers.
Malware and Scams Delivered Through Breached USA Government and College Sites
A security research company has detected that numerous US government and college sites have been breached by hackers. The criminal group is unknown at the moment; however, the scope of the intrusions is very large. The notice came after it was found that UNESCO’s site had been compromised and a page section replaced with a hacking tutorial. The article contained a short description of how to compromise Instagram accounts and included several links to a third-party site. Upon clicking them, visitors are redirected to a site that claims to offer a tool for breaking into these social media accounts. However, pressing the download button leads to malware delivery instead. Several common payloads can sit at the end of this chain:
- File Encrypting Ransomware — These are dangerous viruses which encrypt the local data found on the computers. The victims are then extorted into paying a recovery fee.
- Trojan Horse Infections — These viruses take over control of the computers and allow the hackers to spy on the victims in real time, as well as steal their files.
- Cryptocurrency Miners — These are web scripts which run from within the web browser. They download a sequence of performance-intensive mathematical tasks and execute them on the visitor's computer. For every completed and reported task the hackers receive a cryptocurrency fee directly in their digital wallets.
- Phishing Redirects and Scams — In many cases pages like this one redirect visitors to login prompts or forms where they are asked to enter their details. All data entered is recorded and can be used later for various crimes, including breaking into their accounts and financial and identity fraud.
- Intrusive Advertising – Many hacker-created pages include intrusive advertising in various forms: banners, pop-ups, text links and so on. For every interaction or view the criminals receive a small commission fee.
Upon further inspection it appears that this attack campaign has a much larger scope: colleges, universities and government entities have also had their pages hacked. The hackers who breached them have replaced legitimate content with similar-style pages promoting fake hacking tools for popular social media sites and apps such as Netflix, WhatsApp, Facebook, Instagram, Snapchat and TikTok.
The pages were compromised through security vulnerabilities in the content management systems hosting them. This means that the hackers used automated scanning tools to find unpatched installations and then used exploits for those vulnerabilities to break into the sites. Once inside, the pages can easily be replaced by automated scripts. The phishing scams have been used to steal user data, to deliver the Emotet Trojan, or alternatively to redirect visitors to adult sites.
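The defacement pattern described above (a known-good page replaced with a "hacking tool" tutorial for a named service, linking off-site to a download) lends itself to a simple site-owner check. The following is an added example, not code from the article or from the research company that reported the campaign: it fingerprints pages against a known-good baseline and flags pages that both changed and show the lure pattern. The site hostname, page paths and HTML snippets are constructed placeholders, not real sites or real defaced content.

```python
"""
Added example (not part of the article): flag pages on a site you administer
that look like the defacements described, using (a) a content hash against a
known-good baseline and (b) the lure pattern: a named bait service, hacking-tool
wording, and a link that leaves the site. All sample data is constructed.
"""
import hashlib
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse

# Services the article names as bait in the fake tutorials.
BAIT_SERVICES = ("netflix", "whatsapp", "facebook", "instagram", "snapchat", "tiktok")
# Wording that marks a page as a "hacking tool" lure rather than ordinary content.
LURE_WORDS = ("hack", "crack", "free account", "generator", "download tool")


class _LinkAndTextExtractor(HTMLParser):
    """Collects href targets and visible text from an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text_parts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_data(self, data):
        self.text_parts.append(data)


def page_fingerprint(html: str) -> str:
    """SHA-256 of the page body; record this when the page is known to be clean."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def analyse_page(html: str, site_host: str) -> dict:
    """Return the bait services, lure wording and off-site links found on one page."""
    parser = _LinkAndTextExtractor()
    parser.feed(html)
    text = " ".join(parser.text_parts).lower()
    services = [s for s in BAIT_SERVICES if s in text]
    lure_words = [w for w in LURE_WORDS if w in text]
    offsite = []
    for href in parser.links:
        host = urlparse(href).netloc.lower()
        # Links to our own host or its subdomains are not off-site.
        if host and host != site_host and not host.endswith("." + site_host):
            offsite.append(href)
    return {"services": services, "lure_words": lure_words, "offsite_links": offsite}


def is_suspected_defacement(html: str, site_host: str,
                            baseline_hash: Optional[str] = None) -> bool:
    """True when the page differs from its baseline (if one is known) and
    shows all three lure traits: bait service, lure wording, off-site link."""
    if baseline_hash is not None and page_fingerprint(html) == baseline_hash:
        return False  # unchanged since the known-good snapshot
    info = analyse_page(html, site_host)
    return bool(info["services"] and info["lure_words"] and info["offsite_links"])


def scan_site(pages: dict, site_host: str, baselines: dict) -> list:
    """Return the paths of pages that look defaced. `pages` maps path -> HTML,
    `baselines` maps path -> fingerprint taken when the page was clean."""
    return [path for path, html in pages.items()
            if is_suspected_defacement(html, site_host, baselines.get(path))]


SITE_HOST = "example-university.edu"  # placeholder for the monitored site

# Constructed sample of a legitimate page.
GOOD_PAGE = """<html><body><h1>Admissions</h1>
<p>Apply for the spring term. See <a href="https://example-university.edu/apply">the form</a>.</p>
</body></html>"""

# Constructed sample mimicking the defacement pattern the article describes.
DEFACED_PAGE = """<html><body><h1>How to hack any Instagram account in 2 minutes</h1>
<p>Use our free Instagram password generator. Download tool here:
<a href="http://download.invalid/tool.exe">Download</a></p>
</body></html>"""

if __name__ == "__main__":
    baselines = {"/admissions": page_fingerprint(GOOD_PAGE)}
    pages = {"/admissions": GOOD_PAGE, "/news": DEFACED_PAGE}
    print(scan_site(pages, SITE_HOST, baselines))  # ['/news']
```

The baseline hash catches any replacement of a page, including defacements that use different wording; the lure check is what keeps a routine content update from paging someone. Substring matches such as "hack" will also hit legitimate text (a hackathon announcement, for instance), so in practice the keyword list is tuned per site and the check is run from a monitoring host rather than from the possibly compromised web server itself.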