Singapore users among those who downloaded malicious software: IT security firm


Unknown hackers created fake websites that resemble those of popular applications such as Chrome, Firefox, and WhatsApp.

The hackers created websites that resemble those of popular applications such as Chrome, Firefox, and WhatsApp, offering software infected with a trojan.

PHOTO: ESET


SINGAPORE - People in Singapore are among Chinese-speaking computer users in South-east Asia and East Asia who downloaded malicious software that gives hackers control over their computers, an IT security firm has found.

Researchers from Slovakia-based ESET discovered that unidentified hackers created fake websites that resemble the websites of popular applications such as Firefox, WhatsApp, Skype and Telegram.

The software for these apps offered on the fake websites would be infected with FatalRAT, a remote access trojan.

When downloaded, it grants the attackers control over the victim’s computer, allowing them to capture keystrokes, steal or delete data stored by some browsers, and download and execute files.

The hackers also bought Google advertisements for these fake websites, so that they would show up in the sponsored section of search results, making them more accessible to people searching for these apps.

According to a statement from ESET on Thursday, Chinese-language site Landian News reported seeing an advertisement leading to one of these malicious websites, after searching for the Firefox app in Google.

These advertisements were reported to Google and taken down, said ESET.

The malicious websites and installers are mostly in Chinese and, in some cases, falsely offer Chinese-language versions of software not available in China.

Other than Singapore, people in mainland China, Hong Kong, Taiwan and Japan have also been affected.

A fake website offering an installer for WhatsApp. The malicious websites and installers are mostly in Chinese and in some cases, offer Chinese-language versions of software that is not available in China.

PHOTO: ESET

Many of the Web addresses registered by attackers are very similar to legitimate ones, attracting potential victims to the fake websites, said ESET researcher Matias Porolli, who discovered this scam.

While the hackers behind this campaign have not been identified, Mr Porolli added that it is possible that the attackers are interested in stealing information like Web credentials to sell on underground forums, or to use them for another crimeware campaign – when hackers use malware to conduct illegal online activity.

“It is important to check the URL that we are visiting before we download software. Even better, type it into your browser’s address bar after checking that it is the actual vendor site,” said Mr Porolli.
