Since its disappearance on 8th March, Malaysia Airlines flight MH370 has been the subject of much online buzz. Several theories about the flight’s disappearance have already arisen, making any tidbit of information enticing to anyone interested. As with the Boston marathon and Typhoon Haiyan incidents, cybercriminals have not hesitated to use a hot topic to trick unsuspecting victims.
Trend Micro reported that last Friday, 14th March, scammers exploited the news of flight MH370 to encourage Facebook users to click a malicious link, which was labeled “[BREAKING NEWS] Malaysia Plane Crash into Vietnam sea MH370 Malaysia Airlines is FOUND!”
Once the link is clicked, a spoofed Facebook page loads, with a "ready-to-play" video. Clicking anywhere on this page takes the user to another spoofed page. If the user clicks again, they are prompted to share the link in order to see the video. Sharing it helps the cybercriminals spread their malicious link to other users. But that's not all. After sharing, the user is asked to verify their age by completing a supposed "test", which is actually another survey scam.
About 32% of the clicks came from NABU (North America region), while 41% were from APAC. The spoofed site has since been taken down.
TrendLabs also discovered an executable file named "Malaysian Airlines MH370 5m Video.exe", which has been detected as BKDR_ANDROM.WRPX. Cybercriminals made the file look like a video to lure users into opening it. Once downloaded, the backdoor downloads additional files and collects information such as the user’s IP address.
Trend Micro is advising users to stay alert, and exercise caution before clicking on any shared links.