The Colombian Federation of Municipalities warns about a new method of deception that has been discovered regarding the collection of fines and sanctions.
Cybercriminals are once again just one click away, impersonating one of the most consulted pages in the country with the aim of distributing malicious code.
In the last few hours it was revealed that a website is impersonating Simit, the Integrated Information System on fines and penalties for traffic violations, "to distribute the XWorm malware through steganography."
XWorm is malware that targets Windows systems, and on this occasion "838 downloads have been executed so far".
In 2023 alone, the entity managed to take down between eight and ten fraudulent pages that used the name Simit.
"What these pages allow is to capture and steal your personal information. These pages are asking you to consult your account statement to make payments and settlements, and with that they steal people's information," said Sandra Milena Tapias, National Simit Director, Colombian Federation of Municipalities.
This new fraudulent page bears the name of Simit and the logo of the Colombian Federation of Municipalities, and invites users to download a file with code 042024.
Please note that the page www.resulevetucomparendo.com is also using the logos of the Federation, and then directs users to a WhatsApp chat with the number 3203942260 "which uses the logos of the entity and presents the 'advisor' Nikol Soto, who has no relationship with the entity".
Recommendations
The official website for consulting and paying fines and penalties for traffic violations is: www.fcm.org.co/simit
The consultation website does not ask users to download any file, except for the settlement used to pay the fine at banks.
Users can only pay fines through PSE on the website or with the payment receipt at banking entities, not through Nequi or deposits to savings accounts.
Priority: Critical
Indicators of Compromise (IoC):