- Cybercriminals use Japanese alphabet for Spoof Booking.com
- The crooks target people with lists on the site
- Users are advised to carefully review incoming messages
Cybercriminals usurpent booking.com with intelligent use of unicode characters in their pages of phishing destination to spread malware.
The independent security researcher, alias Jameswt, recently reported having seen phishing emails sent to people listing their real estate on the popular housing booking service. In the email, the victims are informed that someone complained about their list and that they should see him quickly or face the end.
The email also provides the link which, when open, at first glance, seems legitimate. However, in more in -depth inspection, it can be seen in the URL that instead of the character of Dash forward ‘/’, the link actually uses ‘ん’ – a Japanese Hiragana character representing the sound ‘n’.
Typosquat
Hiragana is one of the three main scripts used in Japanese written, alongside Katakana and Kanji.
Those who fail to spot the trick and open the site will receive a malicious MSI installer from a CDN link. The researcher added that samples from the malicious site are already available on the Malawarebazaar cybersecurity platform, and that the previous analysis already shows the infection chain.
It is believed that the attackers usurped Booking.com to deliver infosters and Trojan horses remotely (RAT).
Replacing a single character in the URL, in order to encourage victims to open websites, is a long -standing practice. It is called “typosquat” and the banks on the victims not paying attention during the examination of the URL they open.
Booking.com, being one of the most popular accommodation booking services in the world, is often usurped in such attacks, with Amazon, Microsoft, DHL and others.
Defense against these attacks is relatively easy and obliges users to slow down and carefully examine incoming communications, in particular unsolicited messages. Links, attachments, websites and reflection twice to share sensitive data are the best action plan these days.
Via Bleeping Compompute
