October 25, 2023
Severity
High
Analysis Summary
Scammers are taking advantage of the terrible events of the Israeli war against Palestine by pretending to be legitimate charities and collecting cryptocurrency donations. There are several posts on social media where scammers list suspicious cryptocurrency wallet addresses to lure victims into sending them funds.
Researchers have also discovered over 500 fraudulent fundraising emails that pretend to come from charities. These scams are similar to the ones that emerged during the Russia-Ukraine war and when Turkey was hit by earthquakes. The scammers try to play on their victims’ emotions by posting pictures of wounded soldiers, women, and children.
One example of these scam accounts is “Gaza Relief Aid”, which uses the domain name ‘aidgaza.xyz’ and is not associated with any legitimate charitable organization despite claiming to be “An Islamic Relief Initiative”. However, the evil twin website has been lifted from Islamic Relief’s official website.
The website shows a handful of “press releases” copied from news wire agencies that report on the ongoing war, but other than that the website has no information about the people behind it or the organization, neither a contact number nor a physical address. The malicious users behind this scheme have posted their Bitcoin, Ethereum, and USDT addresses as well as the social media accounts where the funds should be sent.
Fortunately, the crypto addresses’ transaction history shows that no donations have been sent yet to any of these addresses, whereas some social media posts show a third party stating that they have donated and the operator confirming that they have received them. This shows that the scammers are utilizing the tactic of having fake accounts to lend some credibility to their operations.
Researchers also report seeing more than 500 scam emails, along with fraudulent websites, sent to unsuspecting victims. They use emotional language and visual aids to lure users into visiting the websites and spending their money on the fraudulent charity.
These websites support options for easy money transfer through crypto like Bitcoin, Tether, Litecoin, and Ethereum. Using the listed wallet addresses, the cybersecurity experts were able to find even more fake web pages that claim to collect funds for various other groups.
These web pages use multiple text variations in order to evade spam filters, like switching certain words with their synonyms. The researchers warn that these types of scam websites can duplicate rapidly because all they have to do is modify their design and target specific groups.
The best way to avoid these scams is to thoroughly investigate the page before sending donations. Fake websites usually don’t give important information about the charity organizers, legitimacy documentation, or ways to contact them directly.
Remediation
- Always be suspicious about links posted on social media platforms.
- Never click on suspicious links/attachments.
- Before making any donations, research the charity or organization to ensure its legitimacy.
- Do not provide personal or financial information in response to unsolicited requests.
- Ensure that general security policies are employed, including strong passwords, correct configurations, and proper administration security policies.
- Use multi-factor authentication: Implement multi-factor authentication for all accounts to make it more difficult for attackers to gain access to sensitive systems and data.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets.
- Keep software up-to-date: Ensure that all software is kept up-to-date with the latest security patches to minimize the risk of vulnerabilities being exploited.
- Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
- Be vigilant and thoroughly investigate a website before transferring money online.