Link Substitution in Messengers


Link substitution is a type of attack in which the victim is shown one link but, on clicking it, is actually taken to a completely different one.

De-anonymization and Data Collection

The most popular method of de-anonymization through messengers is sending a link that, when opened, gives the attacker data about the victim. This is not limited to the IP address; as you already know from the course, the link can also reveal the presence of social media accounts, which websites the victim visits, and much more.

Even if the victim uses a VPN and hides their real IP address, there are dozens of ways to de-anonymize VPN users, such as connection matching or sending a fake request to the VPN provider asking for the user's data.

Infection

Infecting a victim simply by opening a website is not a very common attack, as it requires the attacker to exploit zero-day vulnerabilities, and sometimes several such vulnerabilities are needed. For example, if you are an attacker and you have two vulnerabilities for the Chrome browser and for Windows, what guarantee is there that the victim does not have Safari and macOS?

Of course, reconnaissance can be conducted first, and the same link substitution can be used for it, but that is a separate story. In any case, zero-day vulnerabilities capable of compromising a victim's device simply by opening a website are held by state-level hackers or by companies selling solutions to governments; they are unlikely to be found in the hands of script kiddies or mid-level hackers.

Sometimes attackers use known vulnerabilities, but this only works if the victim has not installed updates for the browser or for other vulnerable components, such as Flash.

Far more often, attackers try to get the user to infect themselves, for example by downloading and opening a file or installing a necessary browser extension. Probably 99.9% of attackers act this way, because having a good head on one's shoulders has always been and will always be the best antivirus.
