Cybercriminals introduce ads for hacking services on institutional websites, such as the Spanish Red Cross

Cybercriminals have managed to insert advertisements for hacking services on institutional and government web pages around the world, using PDF files containing these offers, in a campaign that has reportedly affected the Spanish Red Cross.

The malicious actors have embedded hacking service offers in PDF documents hosted on the web pages of official organizations, such as communications or data forms.

These documents link to external websites where the ads are found, on which the cybercriminals claim to be able to hack Instagram, Facebook or Snapchat accounts and promise other services such as achieving goals in video games using cheats and getting fake followers on social networks.

These malicious actors have targeted the official websites of various state and local governments, as well as counties and universities, under the .gov and .edu domains.

Among the organizations affected by this intrusion are the state governments of California, North Carolina, Ohio and Wyoming (United States), as well as the universities of Buckingham (United Kingdom), Del Norte (Colombia) and, in the US, UC Berkeley, San Diego and San Francisco.

TechCrunch reported this, based on findings from Citizen Lab researcher John Scott-Railton, who has indicated that the cybercriminals reportedly did not limit this malicious campaign to web pages under the aforementioned domains.

According to this analysis, the cybercriminals have also managed to insert advertisements for hacking services on other websites, such as that of the Spanish Red Cross and the websites of industrial corporations such as Rockwell Collins and Raytheon.

TechCrunch also suggests that, because some of these offers carry a publication date, they could have been available online for some time and within the reach of users who accessed or downloaded these files.

For his part, Scott-Railton has pointed out through his personal Twitter profile that cybercriminals could have exploited this ‘spam’ “for more nefarious things”. In this case, the cybercriminals appear to have only shared their offers within the PDFs, even though “they could have uploaded pdfs with malicious content or links,” according to this researcher.

Following an analysis of the websites where these hacking service postings were placed, TechCrunch has concluded that the hackers’ purpose was to generate money through clicks to these offers.

In this regard, TechCrunch has pointed out that the creators of this campaign make use of open source tools to create verification pop-up windows, during which they would be generating money in the background.

TechCrunch has also noted that three of the victims of this malicious campaign (the University of Washington, the city of Johns Creek and the Community Colleges of Spokane, all of them in the United States) pointed out that the problem was due to the content management system Kentico CMS.

By Editor
