- Get link
- X
- Other Apps
A report by Avast, the global leader in digital security products, shows that the company blocked more than 7,000 attempts to attack counterfeit requests between sites in the month of November alone.
The tactic is known as CSRF attacks - Cross-Site Request Forgery - and criminals used this method to execute commands unbeknownst to users, modifying the DNS settings on the router to carry out attacks.
Router exploration kits are already popular in Brazil and, in the last month, the company discovered two pages hosting a version of this kit. And this attack occurs when the user visits a website that contains malicious advertising, which redirects the user to one of the landing pages of the router's exploitation kit, without the user being aware, as the process is done in the background. One of the pages contained the word Avast in the URL.
Routers are vulnerable because they contain weak credentials, delivered at the time of purchase and which can be easily found on the web. Avast research shows that 43% of users have never accessed the administrative interface of the routers to change their passwords. Thus, gadgets can be reconfigured, directing their users to phishing pages very similar to real websites.
We are not sure why criminals use 'avast' in the second URL, but we suspect that this was because we blocked the first landing page. While our Web Shield included in the free and premium versions of Avast Antivirus, blocks attempted attacks against our users, there is no way of knowing whether the more than 200,000 people redirected to the landing pages have been protected or not. " - Simona Musilová, Analyst Avast threats.
Sites from companies like Bradesco, Santander, PagSeguro, Terra, UOL, and Netflix may have been affected. In the case of Bradesco, the victims inserted the website URL in their address bar and were redirected to a phishing version of the bank's website, where they could "log in" to their accounts and even asking for their two-factor authentication code. . When logging in, an error message or a loading message was displayed.
Netflix's case is even worse. The fake page required the victim to enter their email address and then request credit card information even asking the user to upload their credit card scan.
This is not the first time that we have seen these sites as targets for CSRF attacks. They are chosen because they are popular and, in general, require users to log in or enter payment information. After users do this, their login credentials and payment information go directly to cybercriminals, giving them access to Netflix and bank accounts, for example. In addition to alerting your customers, the problem is that few of these services prevent users from being victims, as phishing sites are outside their domain ” - Simona Musilová, Avast Threat Analyst.
Find the best antivirus software to protect against attacks by Cybercriminals.
Comments
Post a Comment