Research

Yes to tweeting, no to phishing

“Weibo”, a micro blog in Chinese, is really hot and has become fashionable in China lately. The number of users of the largest Weibo site Sina Weibo (www.weibo.com) has already reached 140 million. As usual, where there is popularity, there will be security concerns.

Today I found someone referring to my latest tweet, saying that I had won a big prize and needed to click the link to see the details. The guy’s name only consisted of some random letters, which made me cautious. Apparently this is a phishing URL.

I checked this randomly named user and found that he was newly registered but had already sent phishing URLs to lots of users.

Strange user with the strange name

Unfortunately, if you click the URL, you will be redirected to a site called weibo***.info and a page will be displayed saying that you have won a Toyota Camry in a lucky draw held by Sina. But apparently, the hackers didn’t spend much time on the page design.

Poorly designed phishing page

You can tell that it is a phishing page which is good, but it’s too late. At the bottom of the code on the phishing page you can find a special line of code.

Code redirecting you to another piece of malicious code

This line of code is already detected by Kaspersky as Trojan.JS.Iframe.fz. It can redirect you to another piece of malicious code that can exploit the vulnerabilities in your system to download and run malware on your system.

Another reason users click the URL without thinking is that in the micro blog the URLs are shortened and thus it is difficult to tell if it is malicious or suspicious. Therefore, while enjoying the micro blog, please be sure that you are under the protection of a reliable Internet Security product like Kaspersky and keep it updated.

Yes to tweeting, no to phishing

Your email address will not be published. Required fields are marked *

 

Reports

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox