During my regular web browsing, I have noticed weird behaviour of the website.
Based on my current user agent, set in the web browser, I was forwarded to various scam pages.
In summary, the main goal of the scam was to collect my email, password, card details.
The setup was that growing number of hacked websites forwarded to the environment of inter-connected sites, each of them having the sole purpose to take advantage of vulnerability either in browser or in the user judgement.
So I have crawled all the links in the code from the forwarding websites, thus generated the “map” for the malicious setup. It’s visualised above.
What has happened in short:
- Vulnerable websites were hacked, used for social engineering attacks.
- Trick: “Prove that you are not a robot and allow for the notifications in your browser! ” 😀
- Timing seemed to be related to black Friday madness.
- Mac users were threatened by fake AV scan results to install questionable app.
- Based on IP location, content was server in language mutations, aiming to regions. Top 5: US, Taiwan, CZ, DE, UK.
- User was invited to a fake contest/ questionnaire and “won” huge sale on new iPhone or Samsung Galaxy phone.
- User wins, next card details were required. System remembered already paste information, was able to verify card number and attempted to charge the card immediately.