Avast_Threat_ Research: CNN, People Magazine and CNBC News sites faked to promote pho

[harlan4096]

Scam websites have tricked over 10,000 people in the U.S. to visit a fake shop selling a book for $37 which can actually be downloaded for free

Beware of another attempt by scammers to use the coronavirus pandemic to their advantage, in this case by selling you an e-book for $37, which actually is available for download for free. The title of the book is Pandemic Survival and it contains a collection of tips and advice allegedly used by the government. The tips include advice on how to quarantine properly, “isolated in a tent outdoors”, and recommends the use of “BioImmune”, a supplement to “support your body to help fight off harmful germs and viruses”, which the e-book conveniently links to. From April 1 until April 20, we have seen more than 10,000 attempted visits by U.S. users to the shop website, over 900 visits from the UK, and over 600 from Canada and Australia each. Avast blocks the shop URL and the URLs of fake websites promoting the shop.

The main element of the scam website is a video player designed to mimic YouTube. The purpose of the video is to persuade users to buy the e-book. The checkout process is handled by the website BuyGoods.com where the users are redirected if they attempt to buy this book. When the money is transferred, the user will receive a link to download his newly purchased book. This link leads to the site psurvival[.]org.

The interesting part is that no security precautions are taken to deliver the e-book. So anybody can download this ebook for free without any verification. The certificate and “whois” information does not look like they belong to a serious business.

The phone number listed in the whois record has some negative reviews left by users.

Our data shows that there is a decent amount of activity around this scam campaign. A reason for this may be that this campaign not only spreads via email, as confirmed by cybersecurity blog OSINT Fans, but also via malvertising, which means cybercriminals purchase ad space from an ad network to display malvertising, malicious advertisements promoting the campaign, on scam websites.

We took a closer look at the scam website healthylifeupdate [.]com, and noticed that the threat actors take advantage of popular media brands to create a sense of trust among readers. So if users visit healthylifeupdate [.]com, they will encounter a website with the logo, look, and feel of CNN’s, CNBC’s, and People’s websites, stealing their brands.
 
The websites healthylifeupdate [.]com and usmagazine-trending-news[.]com both contain redirecting links to the scam shop, PandemicSecrets[.]org. 
Both of the following scam websites contain redirects, which take users anywhere attackers want.
...

Continue Reading