Cybercriminals target UAE residents, visitors in new info-stealing campaign

Jason Macuray
A group of hackers in recent months has attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign, according to new research.


The cybercriminals — called the Smishing Triad gang — sent malicious text messages purportedly from UAE authorities, luring victims into providing data such as home addresses, phone numbers, and credit card information.

The messages, targeting both Apple iOS and Google Android mobile devices, contained a link to a fake website that looked almost identical to that of the UAE state agency responsible for residency and foreign affairs, according to researchers at Resecurity.

Before launching the attacks, the hackers likely obtained information about UAE residents and foreigners living in or visiting the country through third-party data breaches, business email compromises or databases purchased on the dark web, researchers said.

Some of their victims included people who had recently updated their residence visas and could be more prone to respond to fake “information requests,” according to the report.

The hackers even added a message on the malicious website, cautioning those redirected to it that some of their personal data “is missing” from the state registry. If not provided, these individuals would be “restricted from leaving the UAE” and fined almost $14,000.

To make their targeting more precise, the hackers used geolocation filters. This ensured that the phishing website would only appear when accessed from UAE IP addresses and mobile devices.

In their previous campaigns, Smishing Triad hackers posed as U.S., U.K., and European postal providers. The criminals sent malicious links to victims through SMS or iMessage, and used URL-shortening services like bit.ly to randomize the links.

The researchers didn’t attribute this campaign to a specific country but said that one of the hackers’ critical domain names was registered via a China-based organization. Resecurity said it notified UAE law enforcement and cybersecurity agencies about the campaign.

Just last week, the UAE was targeted by a different kind of attack coming from politically motivated hackers. They replaced the original TV broadcast with graphic footage from the war between Israel and Hamas.


Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
