Indian e-commerce websites are being targeted by malvertising on Facebook

The deadly Covid-19 pandemic has made a lockdown situation for people all over the world. India has enforced lockdown on March 23, 2020, which is still imposed with relief in few areas. The e-commerce companies were restricted from selling non-essential goods almost for 2 months in India. As the e-commerce companies are fully operational for the last few weeks, malware authors have started malvertising abusing the lockdown situation. SonicWall threat research team has observed scams spreading on Facebook, claiming as Flipkart lockdown sale, Amazon India sale and Paytm sale. The scam sale is offering premium mobile phones at unbelievable prices, saying deals end in a few minutes. This attracts users and makes them purchase the product immediately.

You will see the below scam Ad on your Facebook profile claiming Flipkart lockdown sale and Paytm limited period offer for premium mobiles at very low prices:

Clicking on Flipkart lockdown sale will take the user to the next page which asks the user to continue:

After clicking to continue user will be redirected to Flipkart looking website. The website shows many premium mobiles at very low prices and says them as Deals of the Day which will end in a few minutes. The website looks like a fully functional Flipkart website but only the mobile phones links work:

Clicking on any product will take users to the product details page similar to the genuine Flipkart website which also includes ratings and reviews, which are not accessible for detailed view. User is only allowed to click on BUY NOW:

Clicking on BUY NOW will take the user to the address page. However, users need not worry about filling the delivery address, they are not going to ship you the product. All the field are marked compulsory but the user can continue without filling any field:

Now the user is in the final stage of being looted by this scam. The payment page accepts payment only through UPI:

The user is now all set for losing his hard-earned money within 5 minutes. He just needs to click on Proceed to pay and enter the UPI pin:

This scam is targeting people located in India having ages between 18 to 55 years. Facebook users can report this Ad scam to Facebook:

Some users are abusing these scams in a comment, some are asking for Cash On Delivery (COD), some are educating other users against this scam but there are also many users who have paid the money to these fraud accounts:

Creating this type of malvertising will take only a few hours for the malware author which can result in looting thousands of users in an hour.

SonicWall Capture Labs provides protection against this threat via the following signature:

• Infector.ML

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.