- Cybercriminals are using a Japanese character to spoof Booking.com
- The scammers are targeting people with listings on the site
- Users are advised to carefully review incoming messages
Cybercriminals are spoofing Booking.com with clever use of Unicode characters in their phishing landing pages to spread malware.
An independent security researcher who goes by the alias JamesWT recently reported seeing phishing emails sent to people who list their real estate on the popular accommodation reservation service. In the email, the victims are told that someone complained about their listing and that they must review it quickly or face termination.
The email also provides a link that, at first glance, seems legitimate. On closer inspection of the URL, however, the link uses ‘ん’ in place of the forward slash character ‘/’. ‘ん’ is a Japanese Hiragana character that represents the sound ‘N’.
Typosquatting
Hiragana is one of the three main scripts used in written Japanese, along with Katakana and Kanji.
Those who do not spot the trick and open the site will receive a malicious MSI installer from a CDN link. The researcher added that samples from the malicious site are already available on the MalwareBazaar cybersecurity platform, and that the any.run analysis already shows the infection chain.
It is believed that the attackers are spoofing Booking.com to deliver infostealers and remote access trojans (RATs).
Replacing a single character in the URL to trick victims into opening websites is a long-established technique. It is called “typosquatting” and banks on victims who are not careful when checking the URL they are opening.
Booking.com, being one of the most popular accommodation reservation services in the world, is often spoofed in such attacks, along with the likes of Amazon, Microsoft, DHL and others.
Defending against these attacks is relatively easy and requires that users slow down and carefully review incoming communications, especially unsolicited messages. Double-checking links, attachments and websites, and thinking twice before sharing confidential data, is the best course of action these days.
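The link check described above can be automated. This is an added example, not code from the original report: it parses a URL, reports the real hostname, and flags characters such as ‘ん’ that pass for a delimiter. The sample URL, the `example.test` domain, the extra look-alike characters and the `TRUSTED` list are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Characters that can pass for '/' at a glance. 'ん' is the one the article
# reports; the other slash look-alikes are added here as an assumption.
DELIMITER_LOOKALIKES = {"ん", "\u2044", "\u2215", "\u29f8", "\uff0f"}
TRUSTED = ("booking.com",)  # assumption: brands this check protects
# Constructed sample in the style the article describes (not a real IoC).
SAMPLE = "https://account.booking.comんdetailんrestrict-access.example.test/en/"


def inspect_url(url):
    """Return the real host of `url` and the reasons it looks deceptive."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError as exc:
        # urlsplit refuses hosts that NFKC-normalise to contain a delimiter.
        return {"host": None, "ascii_host": None, "findings": [f"parser rejected URL: {exc}"]}
    findings = []
    for c in sorted({c for c in host if ord(c) > 127}):
        name = unicodedata.name(c, "UNKNOWN")
        kind = "delimiter look-alike" if c in DELIMITER_LOOKALIKES else "non-ASCII character"
        findings.append(f"{kind} U+{ord(c):04X} {name} in hostname")
    # What a reader takes for "the domain" is the text before the first look-alike.
    visible = host
    for c in DELIMITER_LOOKALIKES:
        visible = visible.split(c)[0]
    for brand in TRUSTED:
        real = host == brand or host.endswith("." + brand)
        seems = visible == brand or visible.endswith("." + brand)
        if seems and not real:
            findings.append(f"appears to be {brand} but real host is {host}")
    try:
        ascii_host = host.encode("idna").decode("ascii")  # xn-- form exposes the trick
    except UnicodeError:
        ascii_host = None
    return {"host": host, "ascii_host": ascii_host, "findings": findings}


if __name__ == "__main__":
    for line in inspect_url(SAMPLE)["findings"]:
        print(line)
```

The `ascii_host` value is the Punycode form of the hostname, which is what DNS actually resolves and is a useful field to log or display next to the link.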
Via BleepingComputer