[ad_1]
Image source, volexity.com
An example that the Veloxity company noticed in an investigation just published on 11/6
The OceanLotus hacker group, suspected of being related to Vietnam, has created a series of news websites and Facebook pages to mislead readers, thereby installing viruses on their computers to spy, according to the Washington-based cybersecurity firm. DC is called Volexity.
Volexity says that hacking group OceanLotus has created a number of politically-themed, anti-corruption news sites that seem very convincing, but in fact aim to trick and install malicious software on readers’ computers.
For example, there is a page with the address nhansudaihoi13.org, which claims to report on the XIII Congress of the Communist Party of Vietnam, in addition to its Facebook page.
News is mostly copied automatically from traditional news sites, apparently using a WordPress plugin.
Volexity believes that there are two ways these bogus sites can target readers.
One is a so-called “profiling framework” mechanism available on these websites, which is used to verify identity and evaluate information about website visitors.
The other is to directly target people by sending virus-infected links to readers via phishing and by sending direct messages through social networks like Facebook.
When readers visit these fake news sites, a JavaScript attack tool opens. Typically two pieces of code are used:
A code that is used to store information about a visitor.
A code that is used to trick readers into downloading fake software or documents.
Image source, volexity.com
Veloxity used baomoivietnam, for example, which they claim is a fake news site, now requires Flash Player to be installed to penetrate illegally.
Volexity, in the study, used a fake site called baomoivietnam.com. Readers can click to view a story about Ton Duc Thang University. After they log in, a JavaScript engine will appear inviting them to watch a video.
The page will display a dialog that says a video is open.
If the customer is using a Windows machine, after a few seconds the video does not play and the message should install Flash Player immediately. A file appears, for example Adobe_Flash_Install.rar, inviting readers to download it, and then becomes infected with the Cobalt Strike virus.
If customers are using iOS or Android phones they will see a video that requires you to log in to view it and of course this is just a cheat.
Image source, Volexity.com
Volexity has warned of fake website names
Volexity warns that the OceanLotus hacker group continues to target users by creating many similar websites.
They advise users to be careful when viewing web pages, especially pages presented by email, chat, text messages, or SMS.
And no matter which site they visit, they warn users to be careful if they are asked to download or log in with personal information.
