Skip to main content

Bad "landing": hackers target airlines


Top global airline companies have been compromised by fraudsters for the second time during the last six months.

This time, criminals used the tried and tested "gift" scheme for promotion on Facebook: "Lufthansa is giving away 2 tickets!" These posts are actively shared by colleagues, friends and acquaintances – and under the influence of the freebie strategy and their friends, a person goes on a website with an airline company's logo. Fraudsters deliberately create addresses using names of famous brands in order to put people off their guard. This technique is called spoofing.




To get the free air tickets, a user is prompted to answer a few simple questions: "Have you ever traveled with our company?", "Do you really want to get 2 free tickets?", and "Confirm that you are an adult". After that, the message "Lufthansa is giving away 2 tickets!" and a photo of two boarding passes with the airline's logo are displayed. To get them, a user needs to like the webpage and share the post among their friends in their account. That is how you may unknowingly involve your friends in the fraudulent scheme.






Of course, there are no free air tickets. The best of the 'worst' case scenarios is that a user is redirected to an advertising page and fraudsters receive money for increased traffic. Now, this viral campaign has started in Europe – the first posts have been shared by Facebook users abroad. On September 26, Lufthansa notified users about the fake campaign on its official Facebook page and urged passengers to resist provocations and think about their security!








Lufthansa is not the only company that has faced such troubles. Specialists of the Group-IB CERT (Computer Emergency Response Team) revealed that at least 86 domains had been registered in the name of a certain Rachita M. since August 31 and that those domains used international airline companies' names: Air Canada, Swissair, British Airways, Air-France, Austrian Airlines, and others. Fraudsters made photos of the companies' official board passes for each fake campaign, and the questionnaire was prepared in the airlines' national languages.

A similar large-scale fake campaign was tracked this June. Specialists of Group-IB's Investigation Division found out that fraudsters used airlines' brands to increase traffic on the websites of clients of an American company providing website and mobile app promotion and monetization services. In some cases, users were asked to provide their personal information: name, email, phone, date of birth, and address, or were signed up for paid services.

This time, the ultimate goal of the campaign is unclear – users are not forwarded anywhere. Some of the detected phishing websites with questions do not open – it may be the case that fraudsters are just preparing for a large-scale campaign.

The danger here is that this scheme can be used by hackers for cyberattacks. Special people – traffers – redirect users from popular websites to malicious ones where money stealing Trojans are downloaded. Your computer may be connected to a botnet to conduct DDoS attacks or used to mine bitcoins.

Comments

Popular posts from this blog

Javascript Miner: Hacker's Wet Dream

Experiencing lags on your computer? You're probably running a miner that consumes 100% of your CPU. Coin Hive (a JavaScript based miner) is becoming rapidly popular among Malware developers.


Coinhive, as a tool, is a JavaScript library that website owners can load on their site. When users access the site, the Coinhive JavaScript code library executes and mines for Monero, but using the user's CPU resources.

Very smart idea as it was meat to be a replacer for publicities. Coinhive launched on September 14, and its authors advertise it as an alternative to classic advertising. Coinhive claims that webmasters can remove ads from their sites, and load the Coinhive library and mine for Monero using a small portion of the user's CPU while the user is navigating the site. Site owners can make money and support their business, but without peppering their visitors with annoying ads.

The idea got some traction, and two days after it launched The Pirate Bay ran it as a tes…

NiceHash: security breach leads to 60 million lost - Iceman is behind?

A dark day for crypto currency miners, NiceHash has been hacked. Closely to 60$ millions (4,736.42 BTC) have been stolen while the bitcoin is crossing the 14k$ mark for the first time.













The hacker's bitcoin address cleary shows the steal of  4,736.42 BTC in a window of 48 hours: https://bitinfocharts.com/bitcoin/address/1EnJHhq8Jq8vDuZA5ahVh6H4t6jh1mB4rq




NiceHash users are furious by the time of reaction of the team. It took about 24 hours to realise that big amounts have been stolen.

I've contacted a member of Iceman and knowing this security breach for some reason he explained that NiceHash actually owned their users bitcoin wallets in order to save transactions fees and collect unclaimed BTC. This issue leads to a massive security breach which allow access to all NiceHash wallets. He claimed that by reverse engineering of their miner client, Iceman group was able to access their API. Is Iceman really behind this attack?






ICEMAN: Banks holes like in Cheese

Operation "Emmenthal" is the nickname for a grand-scale phishing campaign targeting bank clients. The goal of the campaign is to receive fraudulent payments by taking actions (e.g. money transfers) on behalf of the legitimate end user.



By phishing the victims with a mobile application which mimics the bank’s genuine application, the hackers steals the two-factor-authentication tokens used during the login (both user/passwords and SMS verification code) and then issuing money transfers by SMS Services offered by the bank, together with sending these sensitive credentials to the hackers infrastructure.


The ICEMAN group, which first came to knowing after contacting me to claim responsibility for the Banrisul Bank attack in Brazil, now claim they have committed many of the reported "Emmental" attacks as well. The hacker’s intentions and motives are shown at first in this exclusive interview.


What was your goal of the attack?

We need more bank accounts to sell. The b…