As usual, the cyber criminals are opportunistic and are quick to take advantage of global hotspots to create hoaxes that allow them to take advantage of public attention either by stealing money from unsuspecting users or by infecting them with malwarefor example.
Recently, researchers from ESET They discovered a series of malicious campaigns that are based on social engineering and that they seek to extort money from users as bait for what is happening in Ukraine and the demand to raise money to help the people of the affected country after the invasion russian.
What are the organizations and profiles that promote false donations
On the one hand, an initiative to promote a new token, called ‘Ukrainian Token’to help the country deal with this delicate situation it is going through.
On the other hand, a campaign in which cybercriminals acted as a humanitarian aid organization called ‘Help for Ukraine’, which was supposed to raise funds to help.
In both cases, there was no mention of who would be the presumed beneficiary of the aid, nor was there any mention of a known official agency.
Help page for Ukraine invites anyone to donate 5 euros through PayPal. In the case of tokens, if a user wants to buy tokens, they will be redirected to a trading platform. cryptocurrencies call PinkSale.
As it explains on its website, it is a platform that helps you create your own tokens and sell them in seconds.
But these are not the only frauds discovered today. Shortly after the ESET research team published the details of these fake websites on Twitteras seen in the following post, the community shared other fake profiles used with the same technical strategy on social networks:
Other forms of fraud
But as mentioned above, the forms of fraud are diverse. It has been appreciated for a long time, when the pandemic and cybercriminals launched campaigns of phishing in all shapes and colors to deliver everything, from Trojans to theft of confidential information.
On Reddita user shared details of a Phishing email from someone claiming to be from Ukraine and desperate for any help possible.
At the end of the email, leave your bitcoin wallet address to top up. Other users also said that they were promoting the prank on Instagram.
Cybercriminals are rapidly implementing their attacks and the recent growth of registered domain names that include the word ‘Ukraine’, and reflects the number of fake websites that will start circulating.
Ghostwriter: a group of hackers
Meanwhile, a group of hackers called Ghostwriterwhich is believed to be operating from Russia, has intensified its actions against military figures and journalists in Ukraine in recent days, according to the security team of Goal.
The typical Ghostwriter tactic consists of targeting victims with “phishing” emails that trick them into clicking deceptive links in order to steal their login credentials.
The goal of compromising Facebook accounts appears to be the dissemination of links to misinformation, such as a video of Youtube falsely claiming to be of Ukrainian soldiers surrendering to Russian troops, according to Meta.
“We have taken steps to secure accounts that we believe were targeted by this threat actor”, said the head of Meta security policy, Nathaniel Gleicher.
“We also blocked phishing domains that these hackers used to try to trick people in Ukraine into compromising their online accounts.”
On Friday, Facebook restricted the ability of Russian state media outlets to make money on the social media platform as Moscow’s invasion of neighboring Ukraine reached the streets of Kiev.