Hackers Use Fake QuickBooks Software to Gain Remote Session


eSentire TRU (Threat Response Unit) has recently discovered a scam conducted via a fake QuickBooks installer that displays a warning message indicating technical support is required to fix QuickBooks.

QuickBooks is accounting software developed and maintained by Intuit. It is widely used in the financial sector.

Scams, in which victims are cheated and robbed, are becoming one of the highest-severity threats across all sectors.

Scamming Pop-up by threat actors on the fake QuickBooks software

During its investigation, the eSentire TRU found two other infections across its clients, at Business Services and Consulting sector firms.

The scam starts when users download QuickBooks software from “QB Exclusive,” a website that appears legitimate but is controlled by threat actors.

Furthermore, the TRU discovered that the number displayed on the scam pop-up appeared on two additional websites—both operated under Business Growth Solutions, which offers QuickBooks consulting services.

In addition, researchers discovered reports on Reddit and QuickBooks forums from users who were scammed with similar warning messages and illegitimate support services, priced around $800 to $2000.

Reddit post from the user who got infected with QuickBooks scamming malware 

If victims call these numbers, the threat actors speak with them by phone and claim to be from QB Exclusive. They also establish remote sessions on the victim's system using Zoho Assist.

Victims end up installing these fake installers because of ads on Google. The first suggestion for a “QuickBooks download” search is a website that leads to the malicious site.

The TRU has also posted a complete investigation on this issue, explaining the methods used by the scamming groups.

Though Google Ads provides the fastest and best results, it is still advised to check the original company's website when installing software.

Scams are becoming popular among threat actors. Providing security awareness training to employees adds another layer of defense against them.

With remote access to the victim’s machine, the attacker(s) can perform further malicious actions, such as exfiltrating sensitive data and planting backdoors.

Using Endpoint Detection and Response (EDR) software, which can detect and prevent malicious software, is also advised.
