Cybercriminals Spread Hacking Service Ads via PDF Files on Government and Institutional Websites Worldwide

Cybercriminals have managed to insert advertisements for hacking services into institutional and government web pages around the world by using PDF files containing these offers, a campaign that reportedly affected the Spanish Red Cross.

Malicious actors have embedded hacking service offers into PDF documents found on official agency web pages, such as data or communication forms.

These documents link to external websites that host the ads, in which cybercriminals claim to be able to hack Instagram, Facebook or Snapchat accounts and promise other services, such as achieving goals in video games using cheats and getting fake followers on social networks.

These malicious actors have targeted the official websites of various state and local governments, as well as counties and universities, on .gov and .edu domains.

Among the organizations affected by this interference are the governments of the states of California, North Carolina, Ohio and Wyoming (United States), as well as the universities of Buckingham (United Kingdom), Del Norte (Colombia) and, in the United States, UC Berkeley, San Diego and San Francisco.

TechCrunch learned of this from a report by Citizen Lab researcher John Scott-Railton, who has indicated that the cybercriminals did not limit this malicious campaign to web pages on the aforementioned domains.

According to his analysis, cybercriminals have also managed to insert advertisements for hacking services on other websites, such as that of the Spanish Red Cross, and on the websites of industrial corporations such as Rockwell Collins and Raytheon.

TechCrunch also points out that, because some of these offers carry a publication date, they could have been available online for some time and within the reach of users who accessed or downloaded these files.

For his part, Scott-Railton has pointed out through his personal Twitter profile that cybercriminals could have taken advantage of this ‘spam’ “for more nefarious things”. In this case, the cybercriminals appear to have only shared their offers within the PDFs, although “they could have uploaded PDF files with malicious content or links,” according to this researcher.

After an analysis of the websites where these hacking service postings were placed, TechCrunch concluded that the purpose of the hackers was to generate money through clicks on these offers.

In this regard, TechCrunch has pointed out that the creators of this campaign make use of open source tools to create verification pop-ups, during which they would be generating money in the background.

In addition, TechCrunch has stressed that three of the victims of this malicious campaign (the University of Washington, the city of Johns Creek and the Community Colleges of Spokane, all of them in the United States) pointed out that the problem was due to the content management system Kentico CMS.

2023-06-05 15:00:43
