In perhaps one of the biggest phishing incidents targeting some of the world’s largest news organizations, hackers have created fake replica websites of news portals of 900 global news portals, including at least 57 from India including websites of The Hindu, NDTV, Hindustan Times, and News18 among many others and are using them to distribute malware and scam advertisements.
Other affected news portals include those belonging to Jagran, Moneycontrol, DNA, Punjab Kesari, Jan Satta, First Post and Business Standard. Global news portals that were targeted include portals of BBC, Washington Times, and The Australian among several others.
The issue came to light when an anti-piracy researcher Mayur Kachare was investigating a case of piracy for a Spanish client.
“We initially found a website that was replicating some content of one of our Spanish clients. It appeared to be a case of piracy. But after close inspection, we noticed it was a phishing website that was created to target users with malware and scam advertisements,” Kachare, founder and CEO of Pirates Alert, told ETCIO in an exclusive interview.
Kachare found not just one but over 900 such websites created by the same group of hackers that were hosting each of these portals on an Iceland based domain server.
While the nature of the malware is yet to be detected, Kachare found clear evidence of malware and scam ads being present on each of these phishing websites.
“The scammers have been so careful in replicating the websites that not just the front page but nearly all pages of the websites have been replicated. Even the URL of the website looks identical and it is easy to mistake them with the authentic website. They have just replaced “.com” with “-com” in most cases and hosted them on newsproxy.app domain,” Kachare said.
Phishing incidents have rapidly increased in the past year as hackers see these as a means to make quick and easy money. As per Google, 46,000 new phishing websites were detected each week in 2020. In fact February, April, March and May in 2020 witnessed weeks with over 50,000 new phishing site detections.
A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money, said a report from Barracuda Networks, which also highlighted a 667 percent increase in Covid-related phishing attacks.
Fake News
While it is still under investigation, Kachare suggested that the motive of creating such a large number of phishing news websites could actually be to spread misinformation and fake news.
There has been an astronomical rise in the number of fake news websites on the internet. Internet giants Google, Facebook and Twitter have been accused of being unable to control the spread of fake news website and misleading content.
Just last month, Mark Zuckerberg, Sundar Pichai and Jack Dorsey were grilled by US politicians over the proliferation of disinformation on YouTube, Twitter and Facebook. But it has been such a big challenge for internet giants to control fake news that they’ve set up armies of people checking fake news while at the same time partnering with fact-checking services to authenticate any controversial news in circulation.
Latest Update
After reporting the new phishing websites to Google, Google temporarily flagged them as deceptive website. However, to cover up their tracks the original fake website URLs are now redirecting to random websites instead of fake websites.
However, cached versions of these websites can still be accessed through a simple Google search. Kachare said this suspension of the websites by the hackers appears to be temporary though.
“Most probably after hiding for a while the phishing domain will resurface again. It appears they are only trying to have a low profile right now to avoid any further action from Google. They are likely to come back soon with a more vicious plan in place. We all, therefore, need to be very careful while clicking on any news link,” Kachare said.