Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints.
Using Remote Access Software, the fraudsters can then steal credit card information and conduct unauthorized transactions that circumvent traditional OTP-based security measures, highlighting the evolving nature of cybercrime and the need for enhanced user education and more robust security protocols.
Multiple customers reported fraudulent activities initiated through phone calls. In each case, callers posing as government officials instructed victims to download legitimate government applications and the remote access software AnyDesk.
This unauthorized access enabled the perpetrators to execute unauthorized financial transactions, including credit card withdrawals and bank account deductions, without the victims’ explicit consent or knowledge.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
A stealer’s malware infects a consumer’s device, exfiltrating their personal information, including contact details, which are then leaked onto the dark web.
Fraudsters exploit this data to impersonate government officials, offering assistance with a fabricated consumer complaint where they socially engineer the victim into installing a legitimate government application and a remote access tool.
Leveraging screen sharing, the scammers guide the victim to upload their credit card photo and intercept incoming OTPs, enabling them to complete unauthorized online transactions using the stolen information.
RedLine Stealer, a prevalent malware, exploits vulnerabilities to infiltrate systems and targets sensitive data like passwords, cookies, and cryptocurrency wallets, often distributed through phishing and infected software.Â
Its user-friendly interface and accessibility on underground forums empower both novice and experienced cybercriminals, posing a significant threat to individuals and organizations.
The sophisticated fraud scheme, likely orchestrated by organized criminal groups in the Middle East, targets victims through social engineering tactics, including impersonating government officials.
By using remote access tools (RATs), attackers gain control of victims’ devices, intercepting One-Time Passwords (OTPs) to authorize fraudulent transactions, which include high-value purchases from online stores and e-wallet top-ups, facilitating rapid cash-out through mule accounts.
Attackers employ advanced techniques like VPNs and dedicated IP ranges to mask their origin and pose significant financial risks, with average losses per transaction exceeding US$1,300 and the potential for substantial individual losses.
The scheme leverages compromised government portals to obtain user data, enabling fraudsters to impersonate officials and socially engineer victims into divulging card details.
To mitigate this, government agencies must enhance account security and implement robust ATO defenses that involve integrating threat intelligence, monitoring user behavior, and implementing robust anti-fraud processes, including 3DS authentication with enhanced behavioral analysis.
According to Group-IB, users must prioritize digital hygiene, avoid sharing sensitive information, and be wary of unsolicited calls or requests for software installations.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
