As the world honored women during the International Women’s Day, Kaspersky experts conducted research and found malware-infected websites and phishing pages mainly targeting women – including community sites, forums with advice articles, online stores selling clothes or cosmetics, and more.
Some of the web pages were originally legitimate resources, later hacked by cybercriminals to spread malware. Among the threats spread on the detected websites Kaspersky experts found web skimmers – usually embedded in the code of online shops to steal user payment data, leading to the potential financial loss for a victim.
RELATED: 8.7% of users encountered phishing attacks in Africa in 2022, global attacks exceeds 500m
Moreover, in the code of the pages the researchers also detected Balada injector, a malware that automatically redirects the user to bogus captcha pages, forcing the user to allow notifications from the website. If a victim agrees, their browser will constantly pop-up a huge number of intrusive notifications on third-party pages, imposing scam content.
SocGholish malware was also detected among web threats on women’s community sites. This threat persuades users to download and run a malicious script under the guise of browser updates. At different times, SocGholish infection was used to spread malicious remote admin tools, allowing an attacker to gain full access to the device without the user’s knowledge, data stealers or botnets, making the victim’s device to carry out cyberattacks itself.
Additionally, Kaspersky researchers detected several phishing pages masquerading as books about breastfeeding, pregnancy, and nutrition for fertility. To continue reading, victims had to enter their personal and bank card details. Once entered, this information was automatically transmitted to the attackers, while access to the book was never granted.
“The targets of cybercriminals know no bounds. Websites, irrespective of their audience, are vulnerable to mass attacks and what’s particularly concerning is that even reputable platforms can be infiltrated and compromised. As we celebrate International Women’s Day, we need to recognise the importance of safeguarding our online presence. It’s essential for women, who often face heightened risks online, to exercise caution when installing software or sharing personal information. It’s a reminder to prioritise our digital safety and empower each other by using reliable cybersecurity measures,” comments Victoria Vlasova, Malware Analyst Team Lead at Kaspersky.
Ahead of International Women’s Day, in our special project “Letters to the Past”, female Kaspersky employees highlight the importance of women supporting other women by sharing the advice they would give to their past selves – girls who may still be afraid of the IT world, but later, have become superheroes protecting the world from cyberthreats. Find their inspiring stories on the Women in Tech website, proving nothing can hold you back.
To avoid falling a victim of cybercriminals, Kaspersky experts recommend:
- Be mindful of sharing personal information: Be careful when providing personal information online, especially sensitive details like your address, phone number, or financial information. Only share this type of information on trusted and secure platforms.
- Trust reliable sources: Rely on official websites, authorised retailers, and reputable sources. Avoid unofficial or suspicious sources that may try to exploit your enthusiasm.
- Use security solutions: Use a reliable security solution, such as Kaspersky Premium, that identifies malicious attachments and blocks phishing sites.