Group-IB, one of the leaders in the field of cybersecurity, has discovered 140 resources that, under the guise of live broadcasts of the Winter Olympic Games in Beijing, redirect users to fraudulent and phishing sites. Attackers posted announcements of illegal broadcasts on hacked pages of universities, charitable foundations and online stores. Most of the dangerous resources are blocked.

After the opening of the XXIV Winter Olympic Games in Beijing, specialists from the Information Security Incident Response Center (CERT-GIB) discovered 140 active resources that were used to host illegal broadcasts, and therefore for scam and phishing. In total, 289 sites could potentially be involved in the scheme. The largest is the Kinohoot network - it includes more than a hundred resources. Its owner started registering domains back in 2019 and "participated" in the 2020 Summer Olympics in Tokyo - then CERT-GIB specialists found 120 similar resources created to conduct fraudulent "live broadcasts".

The broadcasting scheme itself works as follows: on one of the pages of the hacked resource, the user sees a video player window with an embedded link to a “live broadcast” and symbols of the Winter Olympic Games. By clicking on it, he goes to the live landing page - in addition to the video player, sports news and announcements of upcoming competitions are sometimes posted here.

However, to watch the broadcast, you need to register, enter your phone number and indicate a special "access code", the button for receiving which, depending on the country and device of the visitor, will lead the victim to various fraudulent and phishing resources.

For example, on a fraudulent site, it is proposed to participate in the draw for free access to broadcasts by opening one of 12 "boxes". The user is given three attempts to select a prize box. After two unsuccessful attempts, the third one wins. The spread in the amount of winnings ranges from $10 to $10,000. On the same page, there is a window with a chat bot where it gives “instructions” on how to receive a prize. The victim must agree to receive the winnings, and then - according to the classics - pay a small "commission" for the conversion - 300-500 rubles and enter the bank card details on the phishing resource. Of course, the victim will not receive a cash prize or an online broadcast. In another scenario, the victim is asked to send an SMS to a specified number, but instead of broadcasting, they connect it to various paid services and subscriptions.

"The Korobochka Internet scam has been known for quite a long time, but scammers constantly adjust their schemes to popular or significant events in the world and, of course, use freshly registered domains for this, says Alexander Kalinin, head of CERT-GIB. — In this scheme, to enter In order to trust the victim, the redirect is often placed on legitimate hacked sites, such as universities (Ecuadorian Universidad Espíritu Santo or Indonesian Universitas Muhammadiyah Yogyakarta), charitable foundations and non-profit organizations (African Studies Association)."

Group-IB experts recommend following the sports competitions of the Olympic Games exclusively on official resources, and be wary of “promotions” and “draws”. And even more so, do not enter bank card data and personal data on suspicious sites.

bbabo.Net