Search This Blog

Showing posts with label Malicious Ad. Show all posts

Fraudulent UK Visa Scams Circulate on WhatsApp

According to a Malwarebytes report, individuals working in the UK are being scammed by a recent phishing campaign on WhatsApp. 

Scammers claim in a WhatsApp message that users who are willing to relocate to the UK for work will be eligible for a free visa as well as other perks. 

Bogus scam message 

Scam operators are disseminating information under the pretext of the UK government, promising a free visa and other advantages to anyone who wants to migrate there. The chosen candidates would be given travel and lodging expenses as well as access to medical facilities. 

The WhatsApp chat app is used to transmit to target volumes to start the fraud. Users are informed that the UK is conducting a recruiting drive with more than 186,000 open job positions because the country will require more than 132,000 additional workers by the year 2022. 

The objective of the scam 

When a victim clicks on the scam link, a malicious domain that looks like a website for UK Visas and Immigration is displayed to them. "Apply for thousands of jobs already available in the United Kingdom," is the request made to foreign nationals as per the scam.

The website's goal is to collect victims' names, email addresses, phone numbers, marital statuses, and employment statuses. 

Any information entered into the free application form is instantly 'accepted,' and the user is informed that they "will be provided a work permit, visa, plane tickets, and housing in the UK for free" according to a Malwarebytes report. 

Report fake WhatsApp messages

Users have the option to Report and Block on WhatsApp if they get a message from someone who is not on their contact list. One should disregard these spam communications and use the report button to file a complaint. Additionally, users can block these contacts in order to stop getting future scam messages from them.

Phishing attacks with a Visa theme are a typical occurrence in the world of cybercriminals. A similar hoax circulated several times in the past to entice people looking to work or study abroad.

Tag Barnakle Targets Various Web Servers with Malicious Ads


In a persistent campaign that features malicious ads on tens of millions, if not hundreds of millions, computers, the criminals have infiltrated more than 120 ad servers and introduced malicious code to legitimate announcements that redirect visitors to sites that promote malware and fraud. This has been going on since the past year, thus attracting benign devices in all external appearances. The malicious activity group behind this campaign is identified by the name Tag Barnakle.

Malvertising is the phenomenon of advertising while the viewers are visiting trustworthy websites. The advertising includes JavaScript that exploits software faults surreptitiously and attempts to make tourists download an unsafe application, pay computer support charges fraudulently or perform other dangerous acts. In general, Internet fraudsters pose as shoppers and pay ad distribution networks for malicious advertising to be shown on individual pages. 

Resources are needed to infiltrate the ad ecosystem as a legitimate buyer. Firstly, scammers need to spend time studying the functioning of the industry and then create a reputable entity. The strategy also calls for the payment of money for space to display malicious advertising. Though this is not the method used by a malvertising group called Tag Barnakle. 

“Tag Barnakle, on the other hand, can bypass this initial hurdle completely by going straight for the jugular—mass compromise of ad serving infrastructure,” Confiant researcher Eliya Stein wrote in a blog. “Likely, they’re also able to boast an ROI [return on investment] that would eclipse their rivals as they don’t need to spend a dime to run ad campaigns.” 

Over the previous year, Tag Barnakle infected  more than 120 servers running Revive, an open-source application for companies who want to run their ad server instead of a third-party provider. Once an advertising server has been hacked, Tag Barnakle loads it with a malicious payload. The group does not use customer fingerprint identification to recognize the most enticing targets, to assure the malicious ads are received only in limited numbers. The servers which supply the targets with a secondary payload also use coating techniques to ensure they also fly below the radar.

As Confiant posted on Tag Barnakle last year, the community found that about 60 Revive servers had been compromised. This feature allowed the group to distribute advertising on over 360 web assets. The commercials have triggered fake Adobe Flash updates that install malware on desktop computers while it is running. Tag Barnakle targets both iPhone and Android customers this time. Web pages receiving an ad from an affected server provide extremely confused JavaScript to decide if a visitor uses an iPhone or Android smartphone. 

The advertisements are mainly aimed at highlighting fake protection, safety, or VPN apps with secret subscription fees or “siphon off traffic for nefarious ends.” The advertising may also be extended to thousands of individual websites with ad servers frequently combined with several publicity exchanges. Confident does not know how many terminal users are comprised but the company considers the number to be huge.