Harmful links in fake petitions in movements across countries
A link to a petition calling for the resignation of Bangladesh Prime Minister Sheikh Hasina is being circulated on social media. It is claimed that signing the petition will result in a gift of 20 GB of internet data. However, upon verification, it has been found that it is not a genuine petition but a malicious fake link designed to steal user’s personal information and compromise their security. The fake link mimics a popular international petition platform and has been shared in connection with recent political events in Bangladesh. Similar campaigns have also been observed in two African countries.
A post titled “To save Bangladesh, sign this petition, appeal to resign Hasina for killing students, and to save and Get 20GB Free Data Reward” has been shared by several pages, groups (1, 2), and individual IDs (1, 2) over the last two days. The caption is being shared along with a link https://sign.mypetition.xyz/Stepdown-Hasina.html. Based on verification by the malicious link-checking website VirusTotal, at least two organizations have flagged the website as a harmful phishing link.
Upon visiting the site, it is evident that the website has been designed to mimic the name and design of the well-known international petition platform “change.org.” However, it has no affiliation with the “change.org” domain The domain of this fake website is mypetition.XYZ, whereas the legitimate Change platform’s domain is “change.org”. In other words, this fake petition regarding the resignation of the Prime Minister is being circulated under the guise of “change.”
Searching the sign.mypetition.XYZ domain reveals two other websites: sign.mypetition.xyz/Sign-To-Stop-Corruption.html and sign.mypetition.xyz/DataCost.html.
On visiting the first website, it is clear that it prominently features two hashtags, #March2Parliament, and #StopCorruption, These hashtags are widely associated with the ongoing anti-corruption movement in Uganda. This fake anti-corruption petition website was created in Uganda to align with the movement. Similar to the situation in Bangladesh, the website encurages people to sign Uganda’s anti-corruption petition.Analysis of the petition link on VirusTotal identified it as malware and phishing, flagged by at least four organizations.
The second link found by searching the sign.mypetition.XYZ domain, leads to a petition in Ghana. VirusTotal has also flagged this website as harmful. The site is asking for signatures on a petition to lower internet prices in Ghana. Verification shows that on the 24th of this month, a member of parliament in Ghana supported reducing internet prices, and this issue has been discussed on social media.
Phishing techniques can expose users’ password and credit card numbers without their knowledge. According to Kaspersky, malware is a type of software that can steal user information, similar to phishing links.
This indicates that not only in Bangladesh but also in the recently reported cases from two African countries, the same domain is being used to spread fake websites with harmful links.
It is important to note that there has been recent political unrest in Bangladesh centered on the quota movement. Various memes and slogans demanding Prime Minister Sheikh Hasina’s resignation are circulating on social media.