Scammers take advantage of MH370
By Digital News Asia March 19, 2014
- False video lures users to spoof Facebook page
- Malware downloads additional files, steals user info
CYBER-CRIMINALS are taking advantage of the tremendous interest in Malaysia Airlines flight MH370, which disappeared on March 8 and is the subject of a massive search and rescue operation.
As with the Boston Marathon and Typhoon Haiyan incidents, cybercriminals have not hesitated to use hot topics to trick unsuspecting victims in their schemes, said cyber-security company Trend Micro Inc.
On March 14, scammers used the news of MH370 to get Facebook users to click a malicious link that leads to a spoofed Facebook page. The link was labelled “[BREAKING NEWS] Malaysia Plane Crash into Vietnam sea MH370 Malaysia Airlines is FOUND!”
If they click on the link, users are taken to the spoofed Facebook page with a supposed ‘ready-to-play’ video. But clicking anywhere on said page leads the user to another spoofed page, Trend Micro said in a statement.
If the user clicks further, he will be prompted to share the link so he can see the video, the company said, citing its TrendLabs security research team.
Sharing the video, of course, helps cybercriminals spread their malicious link to other users, the company said. After sharing, the user will be asked to verify his age by completing a supposed ‘test.’ The test, as usual, is nothing but another survey scam.
The spoofed site has since been taken down, but users were able to access it while it was still up. Around 41% of the clicks were from Asia Pacific, TrendLabs said.
TrendLabs also spotted an executable file named “Malaysian Airlines MH370 5m Video.exe.” This is detected as BKDR_ANDROM.WRPX.
Cybercriminals made the file look like a video to entice users to open it. Once inside a user’s computer, the backdoor downloads additional files as well as collects information such as the user’s IP (Internet Protocol) address.
TrendLabs security focus lead Paul Oliveria warns users to exercise caution before clicking shared links.
“Given the heightened interest in the missing flight, it was only time cybercriminals used it to their advantage,” he said.
“Every time incidents like this occur, we recommend people to stick to reputable news sites instead of relying on links shared via social media,” he added.