THERE are two websites people must never search for, or they’ll be putting themselves at unnecessary risk of a bank raid, according to a new report.
Cyber criminals can cleverly hide malware in even those most legit-looking sites.
1
But cyber crooks are increasingly hijacking users’ Chrome browsers if they try to stream popular movies or video games from pirating websites, an investigation by cyber security firm HP Wolf found.
They are adding OneNote documents to fake “click here” icons where any malicious file can be hiding inside.
It forms part of a scheme which researchers forecast will worsen over the coming months.
The cost of living crisis and the recent Netflix account sharing ban is expected to push people towards free alternatives – pirating sites.
If you’ve ever been brave enough to venture onto a pirate site, you’ll know users are jumped at by a number of random adverts and fake “click here” icons.
Clicking the fake icon opens the hidden file, executing malware to give attackers access to the users’ machine.
This access – as well as any personal data obtained in the meantime – can then be sold on to other cybercriminal groups and ransomware gangs on the dark web.
Sophisticated groups like Qakbot and IcedID can make a living off naive web users this way, having launched efforts to take advantage of pirate sites with embedded malware links in January.
Most read in Tech
OneNote kits are even available on cyber crime marketplaces and requiring little technical skill to use – so this malware campaign won’t just be spearheaded by the professionals.
“To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites,” explains Patrick Schläpfer, Malware Analyst at the HP Wolf Security threat research team, HP Inc.
These OneNote attacks are also common among businesses, targeting professionals via their work emails.
HP researchers found that hackers frequently break into trusted Office 365 accounts to set up new company emails which can be used to distribute a malicious excel file that infects victims’ PCs.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP, said: “To protect against increasingly varied attacks, organisations must follow zero trust principles to isolate and contain risky activities such as opening email attachments, clicking on links, or browser downloads.
“This greatly reduces the attack surface along with the risk of a breach.”
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
