Posted on January 26, 2022 at 5:38 PM
A recent report has revealed that threat actors are hijacking the Instagram accounts of influencers and businesses to scam victims in a new phishing campaign.
According to the report, the campaign was discovered in October last year. The threat actors are taking control of the accounts of these influencers and demanding a ransom to release the accounts back to their rightful owners.
The bad actors responsible for the attack begin by sending a message, disguised as coming from Instagram, that informs users of cases of privacy. The message contains a link that sends the victim to a hacker-managed website. Once the user opens the page and enters their Instagram account details, the threat actor gains full access to the account and locks the user out by changing the account information.
The Hackers Send Ransom Message After Hacking The Accounts
Secureworks says that once the attacker succeeds in changing the username, they start sending ransom messages to the victim, demanding that they pay up or risk losing their account. Most of the accounts targeted are popular Instagram accounts with lots of followers.
The hackers also attack business accounts that may not want to lose the social media contact of their clients or customers.
The updated username uses a variation of “pharabenphaway” and the number of followers of the hijacked account.
Once the account is successfully hacked, the attacker adds the following comment to the profile: “This Instagram account is retained for sale to the owner”. The threat actor also sends another message that tells the victim to start ransom negotiations with them or risk losing their account completely.
There is also a link attached to the profile. It consists of the shortened WhatsApp domain name (wa.me) as well as a contact number.
Once the victim clicks the link, they will be redirected to a WhatsApp chat conversation where they can negotiate the ransom terms with the hackers.
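The three profile changes described above (renamed account, sale notice, wa.me link) can be checked together when monitoring brand or influencer accounts. The following is an added example, not code from Secureworks or the original article; the profile dictionary fields, the fuzzy-match threshold and the reading of "variation" as a near-match plus the exact follower count are assumptions, and the sample profiles are constructed.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

MARKER = "pharabenphaway"  # username stem reported in the article
SALE_NOTE = "this instagram account is retained for sale to the owner"

def username_matches(username, followers, threshold=0.8):
    """True if the letters resemble MARKER and the digits equal the follower count.
    The 0.8 threshold is an assumption; the article only says 'a variation of'."""
    letters = re.sub(r"[^a-z]", "", username.lower())
    digits = re.sub(r"\D", "", username)
    similar = SequenceMatcher(None, letters, MARKER).ratio() >= threshold
    return similar and digits == str(followers)

def is_wa_me_link(url):
    """True only when the host is exactly wa.me, not a look-alike host."""
    if "://" not in url:
        url = "https://" + url
    host = (urlparse(url).hostname or "").lower()
    return host == "wa.me"

def hijack_indicators(profile):
    """Return which of the three indicators a profile snapshot shows."""
    hits = []
    if username_matches(profile["username"], profile["followers"]):
        hits.append("username")
    # Collapse whitespace so line breaks in the bio do not hide the notice.
    if SALE_NOTE in " ".join(profile.get("bio", "").lower().split()):
        hits.append("bio")
    if is_wa_me_link(profile.get("link", "")):
        hits.append("link")
    return hits

# Constructed snapshots (hypothetical field names, placeholder phone numbers).
SAMPLES = [
    {"username": "pharabenphaway48213", "followers": 48213,
     "bio": "This Instagram account is retained\nfor sale to the owner",
     "link": "https://wa.me/0000000000"},
    {"username": "pharaben.phaway_1200", "followers": 1200,
     "bio": "", "link": "wa.me/0000000000"},
    {"username": "bakery_farway", "followers": 530,
     "bio": "Fresh bread daily", "link": "https://example.com"},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["username"], hijack_indicators(p))
```

A single indicator, such as a wa.me link on its own, is common on legitimate business profiles, so alerting on two or more hits keeps false positives down.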
The Hackers Are Based In Turkey And Russia
Secureworks stated that the threat actors had already hacked several accounts when they launched the campaign last year.
If the victim refuses to negotiate with the hacker or does not meet their ransom demand, the hackers are forced to sell the account on the darknet (an underground online forum for hackers and other bad actors).
The security researchers, while searching the underground forum, discovered a post in September that sells access to a seized Instagram account for $40,000.
Secureworks also noted that the threat actors usually provide phone numbers, which indicate that they operate from Turkey and Russia. There is other evidence that shows that they are based in Russia.
Threat Actors Can Have Access To Companies’ Vital Documents
In one of the communications with a victim, the hacker used the Turkish version of Instagram. Additionally, one of the page sources for the phishing website refers to the Turkish hizliresim .com file-sharing service.
The researchers added that this type of attack can give the threat actors unauthorized access to email accounts and other important corporate resources if the passwords are reused. In most phishing attacks, the attacker tries to get vital information from the user’s account.
The hijacking of Instagram accounts suggests that the threat actors are mainly interested in collecting ransom from their victims.
But in some instances, the hackers could get their hands on important company emails and resources they can use for other forms of attacks in the future.
It’s not clear how many people or organizations have fallen prey to this type of attack. But since the campaign began in September last year, some people may have already been victimized.
The Increasing Level Of Hackers On Social Media
The latest campaign is evidence that threat actors are not relenting in their efforts to make financial gains, either through network vulnerabilities or via phishing methods. It’s also an indication that social media is increasingly becoming a feeding ground for hackers, who are using various means to extract funds from their victims, including blackmail and ransom demands.
As a result, people have been advised to step up their game when it comes to protecting themselves online. The recent attack is, once again, calling the attention of business organizations that are using social media to gain customers and grow their brands. It has also highlighted the increasing importance of social media influencers and the need for them to protect themselves more.