Hackers are hijacking the Instagram accounts of companies and influencers in a new phishing campaign, taking over prominent accounts and demanding a ransom. The hackers provide phone numbers that indicate they are based in Russia and Turkey.
The people behind the attack start by sending a message that pretends to come from Instagram and notifies the user of an alleged copyright infringement. A link in the message takes victims to a website controlled by the hackers. There, the user is asked to enter their Instagram login information, which gives the attackers full access to the account.
After gaining control of the Instagram account, the threat actors change the password and username. The modified username is a variation of 'pharabenfarway' followed by a number that appears to be the number of followers for the hijacked account.
A report said, “In one incident, threat actor communications originated from a Turkish-language version of Instagram. Additionally, the page source of one of the phishing websites references the Turkish file-sharing service. The infrastructure associated with this campaign is based in Turkey and other countries.”
Based on domain creation dates, the hackers are said to have hijacked a number of accounts and begun the campaign in 2021. Searches of underground forums turned up a post from September in which someone tied to the hackers is selling access to hijacked Instagram accounts for about $40,000.