CSP-CERT warns public of malicious holiday greetings

Cyber Security Philippines Computer Emergency Response Team (CSP-CERT) is warning the public of malicious Christmas and New Year greetings from different messaging apps.

CSP-CERT explained that these attacks are typically executed in four steps:

1. Victims receive greetings from messaging apps that redirect to different sites.
2. Victims are then redirected and bombarded with a lot of greetings
3. Victims are then prompted to input their data while the malicious file runs in the background
4. The malicious script then accesses the victim’s credentials and sends the message to the victim’s user contacts.

CSP-CERT has identified these websites as malicious (links are not clickable):

• wish-you(dot)co
• wish4u(dot)co
• my-msg(dot)co
• look-me(dot)co
• surprise4u(dot)me
• hookupgist(dot)com
• see-magic(dot)co
• mera-style(dot).co
• whatsapp-style(dot)co
• my-love(dot)co

If you’ve accidentally clicked on any malicious sites, CSP CERT recommends you do the following ASAP:

• Change passwords for your banking and social media accounts
• Reset your browsers
• Update your anti-malware and scan

If you want to see an updated list of malicious links, you may regularly visit CSP-CERT’s Facebook page here.