Crooks hacked other celebrity Instagram accounts to push scams

There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams.

The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been hacked, other victims are the singer Nicole Scherzinger (3.9; followers), and the actresses and TV stars Yanet García (11.5M followers) and Chloë Moretz.

Once the hackers have taken over the celebrity Instagram accounts have posted multiple shortened links leading to pages with surveys that were used to collect personal information.

In this way attackers could generate profits in two way, reselling the information provided by the users and earning a fee for each survey completed.

The experts observed the threat actors behind the attacks following a specific scam pattern.

“Each of the Instagram accounts were hijacked over the past couple of weeks and the attackers were in control enough to rotate multiple shortened links leading to webpages with surveys that collect personal information; this is sold for marketing purposes, typically of a darker shade.” reported BleepingComputer.

Once hacked the celebrity Instagram accounts the modify the bio to post messages saying that the celebrity was allegedly giving away 2000 iPhone XS devices and directing followers to his Story page for more offers like this.

The hackers also published a link, created with the URL shortening service, in the account bio that was pointing to a survey page likely set up to collect personal information.

The landing pages used in the attacks are hosted on the same domain, dudemobile[.]net.

Source: BleepingComputers

In the hack of Nicole Scherzinger and Yanet García accounts, the threat actor used a more effective bait, it announced in the bio section the availability of a sex tape through an app available at a provided link.

The attackers promise to release the sex tape when the app download counter hit 5,000. The hacked account showed a fake nude image in the attempts to lure the visitor.

Security experts are warning users to secure their online accounts, using strong passwords and enabling two-factor authentication when available.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – celebrity Instagram accounts, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.