As we announced some days ago, Hispasec discovered a new fraud infrastructure distributed through social networks using social engineering techniques. This scam, named “Anniversary”, seeks to obtain personal data such as the phone number, postal code or bank account details. The scam is carried out through a simple survey and a random box selection game (the victim always wins). The user is then asked to share the promotion with relatives through WhatsApp and to provide his/her own personal information in order to receive the award (which they never actually get). The final aim of the attackers goes further: this is just a first phase, which can continue with other fraud methods such as installing malware, obtaining credit card information or subscribing users to Premium services once they provide their phone numbers.
The attackers are using a multilayer infrastructure that involves multiple service providers, in addition to millions of different domains, with the aim of making the scam campaign harder to detect and take down. Hispasec used VirusTotal to investigate the fraud campaign and reported the results to Google Safe Browsing, giving them all the URLs and domains so that the over 4,000 million devices that use this service are protected immediately.
Google Safe Browsing is used by multiple browsers such as Chrome, Firefox, Safari, Vivaldi, Brave and GNOME Web, which run on multiple platforms, including Windows, OSX, Linux, Chrome, Android, iOS and more. For practical purposes, it is a web threat prevention system with great coverage worldwide.
With this new partnership, the Antifraud Hispasec service and its 24x7 SOC reinforce their mitigation of phishing attacks, scams and malware, as well as their digital vigilance, improving their countermeasure tools and minimizing response time to prevent threats effectively.
Hispasec is still tracking this threat actor, which has started to deploy two new kits with similar features that impersonate the identity of many brands.