Cybercriminals exploit war in Ukraine with fake sites
Scammers and fraudsters are exploiting the Russian invasion of Ukraine to steal money and spread malware. They imitate legitimate websites and ask visitors to transfer money via cryptocurrencies, supposedly to help civilian victims. In reality, the donations end up in the hands of cybercriminals.
Security company Infoblox reports this in a blog post.
Number of malicious websites about Ukraine doubled
Since the start of the war between Russia and Ukraine, the Infoblox Threat Intelligence Group has seen cybercriminals register domain names and launch websites related to the Russian invasion. In the days after the first Russian troops invaded Ukraine, the number of registered Ukraine-related domain names more than doubled.
Scammers jump on the news by supposedly asking for humanitarian aid for the war victims. They pose as decentralized autonomous organizations (DAOs) or independent charitable organizations with no hierarchical structure. Sometimes the cybercriminals ask for donations; other times they claim to be collecting food, medicines, and other basic necessities.
Many suspicious and unreliable sites in circulation
It is striking that cybercriminals offer the possibility to transfer donations via Bitcoin and other cryptocurrencies. An example of this is an official-looking Twitter account of the Ukrainian government that asked if people could transfer donations in crypto coins the day after the Russian invasion. Since then, the number of untrustworthy fake sites has exploded.
Infoblox recognizes that it is extremely difficult for the average visitor to spot malicious websites. The web addresses, site designs, and texts are often almost indistinguishable from those of legitimate initiatives. According to the researchers, the website of Pussy Riot member Nadya Tolokonnikova, called Ukraine DAO, is legitimate and does not distribute malware or untrustworthy content.
Websites of other charitable organizations are suspicious and unreliable, according to Infoblox, and have no affiliation with individuals or agencies surrounding the Ukrainian government.
Beware of fake messages with malware
In addition to rogue websites, Infoblox sees cybercriminals sending spam messages that carry malware, specifically the Agent Tesla keylogger trojan. With it, the scammers attempt to steal financial data from unsuspecting victims. The keylogger is hidden in an email attachment. As soon as an employee opens this attachment, the malware does its job.
“We encourage everyone to think twice before clicking on links to sites and verify the legitimacy of these organizations,” Infoblox warns. “Some of these sites could serve as a fraudulent cover for intelligence agencies or cybercriminal activity, posing potential risks of terminal device spyware and the harvesting of Personally Identifiable Information (PII).”