
Be careful: the official website of the company Yota, www.yota.ru, was attacked. JavaScript code was injected into the site's pages. On a visitor's first visit to www.yota.ru, clicking any link opens an additional browser window with a pseudo-antivirus that supposedly finds malware on the visitor's computer and offers to get rid of it by entering a code received via SMS.
The pop-up window contains no control elements (except for the address bar) and loads its contents from the pomisna.org subdomain registered through EvoPlus with hidden Whois data. On the main page there is a standard Apache stub.
The pop-up window simulates the interface of Explorer and Microsoft Security Essentials in Windows 7, as well as the squeals of Kaspersky Anti-Virus. Then everything is standard: if you want to get rid of the virus, you enter your phone number, receive an SMS with the code, enter the code in the window, and say goodbye to the money in the account.
After the break-in was reported, its consequences were, according to a company representative, eliminated in about half an hour. However, the state of affairs has not changed, which suggests that the right hand does not know what the left is doing. So far, no comments on the nature of the vulnerability have been received from the company or the PR service.
Update. Six days later, a company representative reported that the vulnerability had been fixed. The only thing that became known about its nature is that it was not discovered in the CMS, but the page with the standard login form in the 1C-Bitrix administration panel stopped loading. Later it became known that the entrance to the panel is located at a different address and is possible only from the company's internal network.
Source: upweek.ru