Cyber Security Philippines Computer Emergency Response Team (CSP-CERT) is warning the public of malicious Christmas and New Year greetings from different messaging apps.
CSP-CERT explained that these attacks are typically executed in four steps:
- Victims receive greetings from messaging apps that redirect to different sites.
- Victims are then redirected and bombarded with a lot of greetings
- Victims are then prompted to input their data while the malicious file runs in the background
- The malicious script then accesses the victim’s credentials and sends the message to the victim’s user contacts.
CSP-CERT has identified these websites as malicious (links are not clickable):
- wish-you(dot)co
- wish4u(dot)co
- my-msg(dot)co
- look-me(dot)co
- surprise4u(dot)me
- hookupgist(dot)com
- see-magic(dot)co
- mera-style(dot).co
- whatsapp-style(dot)co
- my-love(dot)co
If you’ve accidentally clicked on any malicious sites, CSP CERT recommends you do the following ASAP:
- Change passwords for your banking and social media accounts
- Reset your browsers
- Update your anti-malware and scan
If you want to see an updated list of malicious links, you may regularly visit CSP-CERT’s Facebook page here.