Crooks hacked other celebrity Instagram accounts to push scams

There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams.

The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been hacked, other victims are the singer Nicole Scherzinger (3.9; followers), and the actresses and TV stars Yanet García (11.5M followers) and Chloë Moretz.

Once the hackers have taken over the celebrity Instagram accounts have posted multiple shortened links leading to pages with surveys that were used to collect personal information.

In this way attackers could generate profits in two way, reselling the information provided by the users and earning a fee for each survey completed.

The experts observed the threat actors behind the attacks following a specific scam pattern.

“Each of the Instagram accounts were hijacked over the past couple of weeks and the attackers were in control enough to rotate multiple shortened links leading to webpages with surveys that collect personal information; this is sold for marketing purposes, typically of a darker shade.” reported BleepingComputer.

Once hacked the celebrity Instagram accounts the modify the bio to post messages saying that the celebrity was allegedly giving away 2000 iPhone XS devices and directing followers to his Story page for more offers like this.

The hackers also published a link, created with the URL shortening service, in the account bio that was pointing to a survey page likely set up to collect personal information.

The landing pages used in the attacks are hosted on the same domain, dudemobile[.]net.

In the hack of Nicole Scherzinger and Yanet García accounts, the threat actor used a more effective bait, it announced in the bio section the availability of a sex tape through an app available at a provided link.

The attackers promise to release the sex tape when the app download counter hit 5,000. The hacked account showed a fake nude image in the attempts to lure the visitor.

Security experts are warning users to secure their online accounts, using strong passwords and enabling two-factor authentication when available.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – celebrity Instagram accounts, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]