After several fake steps, the user will be prompted to download a malicious file or enter card details to continue.
As part of a large-scale attack, hackers post articles on government and university websites with instructions on how to hack into social network accounts, which lead to malware infection on the computer.
The attack first came to light when security intelligence firm Cyble shared a screenshot of UNESCO.org being hacked to host an article on how to hack an Instagram account.
Clicking on the embedded link will take you to a website that claims to be an Instagram account hacking tool.
If you try to use this tool, it will take you through a series of "for appearances" steps, as shown in the video below, and eventually prompt you to download a file to complete the hack. However, clicking on the download link redirects you to a site that distributes malware.
Part of a larger hacking campaign
BleepingComputer investigated further and found that many other college, government and organization websites have been hacked to promote fake hacking tools for Netflix, WhatsApp, Facebook, Instagram, TikTok and Snapchat.
TikTok Hack Search Example
Some of the sites targeted by this campaign are owned by US government organizations in San Diego, Colorado, Minnesota, as well as sites of UNESCO, National Institutes of Health (nih.gov), National Cancer Institute (Cancer.gov), Rutgers, University. Washington, Arizona State University, Rochester Institute of Technology, University of Iowa, University of Maryland, and University of Michigan,
Based on the patterns observed by BleepingComputer, attackers are exploiting vulnerabilities in the CMS to host their own articles. One common method was to use the Drupal Webform component to upload PDF files with links to fake hacking tools.
To make matters worse, the attackers have successfully managed to do black hat SEO so that these "hack tools" are promoted as the first search result in general keyword searches on Google.
First place in Google search
Clicking on these links will redirect users to pages with fake hacking tools similar to the Instagram site we showcased above.
For example, the first result of a Google search for "hack tiktok account" is a site hosting a fake TikTok hack tool as shown below.
Fake TikTok Hack Tool
All tested sites behave the same way; pretend that you hacked your account and then claim that they failed and you need to download the program to continue.
Clicking on these links leads to requests for personal information, credit card information, or prompts you to download a suite of malware and adware packages.