More than a dozen malicious India-linked domains and websites that were being used in attacks targeting users worldwide by hack-for-hire groups have now been banned by American tech giant Google's Threat Analysis Group (TAG).
To warn users about the threat, the company recently published a blog post where they listed these banned domain links which used to inject spying tools into users' PCs/laptops by appearing as fake login pages for websites or apps.
The blog post read, "As part of TAG's mission to counter serious threats to Google and our users, we've published analysis on a range of persistent threats including government-backed attackers, commercial surveillance vendors, and serious criminal operators."
"We're sharing intelligence on a segment of attackers we call hack-for-hire, whose niche focuses on compromising accounts and exfiltrating data as a service," it continued.
Below is the list of these banned India-linked domains:
- dtiwa.app[.]link
- share-team.app[.]link
- mipim.app[.]link
- processs.app[.]link
- aws-amazon.app[.]ink
- clik[.]sbs
- loading[.]sbs
- userprofile[.]live
- requestservice[.]live
- unt-log[.]com
- webtech-portal[.]com
- id-apl[.]info
- rnanage-icloud[.]com
- apl[.]onl
- go-gl[.]io
Whenever a user typed in their login credentials on these domains, their details were secretly sent to the hacker, who could then use them to break into the user's system and take complete control over it. Government organizations to AWS and Gmail accounts have been the targets of these phishing messages.
Apart from India, Google has also provided examples of the hack-for-hire ecosystem from Russia and the United Arab Emirates (UAE), in order to help users.