Kaspersky: Beware Of Phishing Sites Containing Malware Targeting Women

Photo: Illustration of fraudulent pages for reading books (photo: Kaspersky)

JAKARTA - Phishing scams and other types of cybercrime do not target any gender, whether you're male or female, you could be a victim of the crime.

The target of cybercriminals knows no boundaries, and anyone can fall victim to their scheme. The website, regardless of audiences, is vulnerable to mass attacks and the most worrying is that platforms that have a good reputation can now be compromised, said Victoria Vlasova, Malware Analyst Team Lead in Kaspersky.

However, Kaspersky experts have conducted research and managed to find dozens of phishing websites and pages infected with malware, most of which target women.

In his research, Kaspersky discovered various pages of fraud, including community sites, forums with recommendation articles, online stores selling clothes or cosmetics to women, and more.

Among the threats spreading, Kaspersky experts discovered a web skimmer, which is usually embedded in an online store code to steal user payment data, which causes potential financial losses to its victims.

In addition, the page code also detects the Ballad injector, a malware that automatically directs users to fake captcha pages, and forces users to allow notifications from websites.

If the victim agrees, their browser will continue to bring up a large number of annoying notifications on third-party pages, featuring fraudulent content.

Kaspersky also detects SocGholish Malware on women's community sites. This threat persuades users to download and run malicious scripts under the guise of browser updates. SocGholish infection allows attackers to gain full access to the device without the user's knowledge, data thief, making the victim's device perform its own cyberattack.

In addition, Kaspersky researchers detected several phishing pages disguised as books on breastfeeding, pregnancy, and nutrition for fertility. To continue reading, victims usually have to include personal details and their banking cards.

Once entered, this information is automatically sent to the attacker, while access to the book has never been provided.