Malware Uses Trending Celebrities to Drag New Victims into Botnets
A new illicit campaign using celebrity names such as Madonna and Rihanna infects computers with malware and recruits users into rapidly growing botnets, according to Bitdefender.
Both Rihanna, the 6th most popular star in the US this year with 4,090,000 local monthly searches, according to a Google search tool, and Madonna, who ranks 19th with 1,830,000 searches a month, are used as bait to make users click through to malicious websites hosted on Russian domains.
Opening the link infects vulnerable users with malware that steals their private data and places their computers in the hands of the attackers. Users then spread malware themselves as their computers are taken over by a command-and-control server, and become zombies in a botnet, or illegal collection of infected computers controlled by cyber-criminals.
“Clicking on an e-mail that contains names such as Pink, Justin Bieber or Rihanna definitely poses a degree of risk,” said Bitdefender Chief Security Strategist Catalin Cosoi. “The risk is even greater when the celebrities named in the e-mail are the subject of a recent scandal or some other big news. Scammers are constantly following stars and trends to figure out what people most want to read about, then they serve it to them, laced with malware.”
In the latest malware campaign using celebrity names, subjects such as “FWD: Best of Madonna” and “Justin Bieber fan’s suicide” lure users to malicious Russian domains or fake Canadian pharmacy sites. To make the Rihanna scam seem like a commercial for one of her famous hits, cyber-crooks included the word “Umbrella” in spam messages. They also used her name in e-mails allegedly coming from LinkedIn to promote bows and risers. The same campaign takes advantage of other celebrities such as English singer Adele, ranked 11th in the most popular US celebrity searches.
Now that several machines have been infected and have started sending out malicious e-mails with Madonna’s and Rihanna’s names, antivirus software has already started to pick up and block links that attempt to push and install Trojans and exploits.
British X-Factor judge Tulisa, ranked second in UK celebrity searches, is also used as bait for selling Viagra.
Users are still not fully aware of the risks they face when searching out celebrities via social media channels, where scams are more effective because they are spread among friends.
Celebrity scams on Facebook usually follow the same pattern: they promise to reveal a scandalous movie or picture of a well-known star in order to steal users’ tokens or install add-ons in their browsers.
The names of stars popular with teenagers and very active on social media allow scammers to spread malicious files more easily. On Facebook, for instance, some of the most frequently “exploited” celebrities are Rihanna, Miley Cyrus, Lady Gaga, Eminem, Emma Thomson, and Justin Bieber. Recently, a fake breaking news announcement about a Miley Cyrus sex tape was used to steal Facebook authentication tokens. This granted the scammers temporary access to the victims’ accounts, including their lists of friends.
Users can still search for their favorite celebrities on the Internet and on social media by keeping the following in mind:
- Malware using (currently famous) celebrity names takes advantage of computer vulnerabilities, so users should reinforce their device’s security, be it a smartphone, a laptop or a tablet. Keep your operating system, browser, Java and Flash plugins updated. It goes without saying that you should have a fully featured antivirus solution active and recently updated.
- Double check any links or videos with celebrities, even if they were shared by close friends on social networks. Odds are that most of the “never before seen sex tape” links lead to malware.
- Always check your “wall” and messages to make sure you haven’t involuntarily spread the scam. Do note there are solutions to keep your Facebook experience safe. Check out Safego!
- Be suspicious of e-mails from celebrities who want to be your friends on social networks such as LinkedIn, Twitter or Facebook. Unless your best friends’ names are Rihanna, Madonna or Adele, you shouldn’t open messages coming from such “stars.”
This article is based on the technical information provided courtesy of Ionut Raileanu, Bitdefender Spam Analyst.