Igor Bederov, an expert at the SafeNet engineering center of the National Technology Initiative (NTI), reported a vulnerability discovered in the Unified Portal of Public Services that allows users to be redirected from the portal to any other resource.
According to RIA Novosti, the specialist describes a covert redirect, in which the user can be redirected to any other resource, including an attacker's sites. It is specified that if such a site contains malicious software, it will be installed on the device automatically.
Bederov notes that most often in such cases, “only the first part of the link pointing to the Gosuslugi portal will be displayed, and the redirecting part of the link will be cut off by the social network or messenger itself.” Previously, similar covert redirection schemes appeared for the social networks VKontakte and Instagram, as well as YouTube.
To protect devices and data, the expert advises checking the link address before clicking on it. As he clarified, this can be done using antivirus software and hyperlink decryptors. In addition, the specialist recommends updating software.
Earlier, the Ministry of Internal Affairs described the most popular types of IT crime committed by fraudsters. Among such methods, swindlers posing as bank employees often convince Russians to transfer money to a fake account.