Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks hacked other celebrity Instagram accounts to push scams

There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams. The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been […]

Celebrity Instagram Account hacked

There is the same group behind the hack of the celebrity Instagram accounts, attackers used the same attack pattern to push scams.

The same threat actor continues to target celebrity Instagram accounts to push scam sites to their wide audience. Recently the Instagram account of the popular actor Robert Downey Jr. (43.3M followers) has been hacked, other victims are the singer Nicole Scherzinger (3.9; followers), and the actresses and TV stars Yanet García (11.5M followers) and Chloë Moretz.

Once the hackers have taken over the celebrity Instagram accounts have posted multiple shortened links leading to pages with surveys that were used to collect personal information.

In this way attackers could generate profits in two way, reselling the information provided by the users and earning a fee for each survey completed.

The experts observed the threat actors behind the attacks following a specific scam pattern.

“Each of the Instagram accounts were hijacked over the past couple of weeks and the attackers were in control enough to rotate multiple shortened links leading to webpages with surveys that collect personal information; this is sold for marketing purposes, typically of a darker shade.” reported BleepingComputer.

Once hacked the celebrity Instagram accounts the modify the bio to post messages saying that the celebrity was allegedly giving away 2000 iPhone XS devices and directing followers to his Story page for more offers like this.

Crooks hacked other celebrity Instagram accounts to push scams Robert Downey Jr hacked

The hackers also published a link, created with the URL shortening service, in the account bio that was pointing to a survey page likely set up to collect personal information.

The landing pages used in the attacks are hosted on the same domain, dudemobile[.]net.

In the hack of Nicole Scherzinger and Yanet García accounts, the threat actor used a more effective bait, it announced in the bio section the availability of a sex tape through an app available at a provided link.

The attackers promise to release the sex tape when the app download counter hit 5,000. The hacked account showed a fake nude image in the attempts to lure the visitor.

Security experts are warning users to secure their online accounts, using strong passwords and enabling two-factor authentication when available.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – celebrity Instagram accounts, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]