THERE are two websites people must never search for, or they’ll be putting themselves at unnecessary risk of a bank raid, according to a new report.
Cyber criminals can cleverly hide malware in even those most legit-looking sites.
But cyber crooks are increasingly hijacking users’ Chrome browsers if they try to stream popular movies or video games from pirating websites, an investigation by cyber security firm HP Wolf found.
They are adding OneNote documents to fake “click here” icons where any malicious file can be hiding inside.
It forms part of a scheme which researchers forecast will worsen over the coming months.
The cost of living crisis and the recent Netflix account sharing ban is expected to push people towards free alternatives – pirating sites.
READ MORE ON SCAMS
Android users warned over bank raiding apps – there’s 4 ways to protect yourself
YouTube fans warned of heart-wrenching video that’s tricked people out of £155k
If you’ve ever been brave enough to venture onto a pirate site, you’ll know users are jumped at by a number of random adverts and fake “click here” icons.
Clicking the fake icon opens the hidden file, executing malware to give attackers access to the users’ machine.
This access – as well as any personal data obtained in the meantime – can then be sold on to other cybercriminal groups and ransomware gangs on the dark web.
Sophisticated groups like Qakbot and IcedID can make a living off naive web users this way, having launched efforts to take advantage of pirate sites with embedded malware links in January.
Most read in Tech
How Musk and Zuckerberg measure up for cage fight – as Tate offers ‘training’
iPhone owners urged to sell devices SOON – before it halves in price
iPhone owners are just realising hack to SNAP crooks if they steal your device
iPhone users urged to check Settings after Apple spots ‘critical’ security flaws
OneNote kits are even available on cyber crime marketplaces and requiring little technical skill to use – so this malware campaign won’t just be spearheaded by the professionals.
“To protect against the latest threats, we advise that users and businesses avoid downloading materials from untrusted sites, particularly pirating sites,” explains Patrick Schläpfer, Malware Analyst at the HP Wolf Security threat research team, HP Inc.
These OneNote attacks are also common among businesses, targeting professionals via their work emails.
HP researchers found that hackers frequently break into trusted Office 365 accounts to set up new company emails which can be used to distribute a malicious excel file that infects victims' PCs.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP, said: “To protect against increasingly varied attacks, organisations must follow zero trust principles to isolate and contain risky activities such as opening email attachments, clicking on links, or browser downloads.
"This greatly reduces the attack surface along with the risk of a breach."
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
- How to delete your Instagram account
- What does pending mean on Snapchat?
- How to check if you've been blocked on WhatsApp
- How to drop a pin on Google Maps
- How can I change my Facebook password?
- How to go live on TikTok
- How to clear the cache on an iPhone
- What is NFT art?
- What is OnlyFans?
- What does Meta mean?
Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.
Source: Read Full Article