These example pages were originally legitimate resources.Later on, they were hacked by cybercriminals to spread malware. Among the threats spread on the detected websites experts at the cybersecurity firm found web skimmers – usually embedded in the code of online shops to steal user payment data, leading to the potential financial loss of a victim.
Malware, phishing tools detected in women-centric pages
In the code of the pages, researchers detected the Balada injector, a malware that automatically redirects the user to bogus captcha pages and forces them to allow notifications from the website. If a victim agrees, their browser will constantly pop-up a huge number of intrusive notifications on third-party pages, imposing scam content.
SocGholish malware was also detected among web threats on women’s community sites. This threat persuades users to download and run a malicious script under the guise of browser updates. At different times, SocGholish infection was used to spread malicious remote admin tools, allowing an attacker to gain full access to the device without the user’s knowledge, data stealers or botnets, making the victim’s device to carry out cyberattacks itself.
Additionally, researchers also detected several phishing pages masquerading as books about breastfeeding, pregnancy, and nutrition for fertility. To continue reading, victims had to enter their personal and bank card details. Once entered, this information was automatically transmitted to the attackers, while access to the book was never granted.
What the company said about the security of these pages
Victoria Vlasova, Malware Analyst Team Lead at Kaspersky said: “The targets of cybercriminals know no bounds and anyone can fall victim to their schemes. Websites, irrespective of their audience, are vulnerable to mass attacks and what’s particularly concerning is that even reputable platforms can be infiltrated and compromised. As we celebrate International Women’s Day, we need to recognise the importance of safeguarding our online presence. It’s essential for women, who often face heightened risks online, to exercise caution when installing software or sharing personal information. It’s a reminder to prioritise our digital safety and empower each other by using reliable cybersecurity measures.”
In a special project “Letters to the Past”, female Kaspersky employees have also highlighted the importance of women supporting women and share what advice they would give to their past selves — girls who may still be afraid of the IT world, but later, have become superheroes protecting the world from cyberthreats.