Saturday, May 3, 2025

Hackers Targeting Users Who Lodged Complaints On Government Portal To Steal Credit Card Data


Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By impersonating government officials, they target individuals who have filed commercial complaints. 

Using remote access software, the fraudsters steal credit card information and conduct unauthorized transactions that circumvent traditional OTP-based security measures. The scheme highlights the evolving nature of cybercrime and the need for enhanced user education and more robust security protocols.

Multiple customers reported fraudulent activities initiated through phone calls. In each case, callers posing as government officials instructed victims to download legitimate government applications and the remote access software AnyDesk. 


This unauthorized access enabled the perpetrators to execute unauthorized financial transactions, including credit card withdrawals and bank account deductions, without the victims’ explicit consent or knowledge.

A diagram of how an impersonation and remote access scam is carried out.


Stealer malware infects a consumer’s device and exfiltrates their personal information, including contact details, which are then leaked onto the dark web.

Fraudsters exploit this data to impersonate government officials, offering assistance with a fabricated consumer complaint. They then socially engineer the victim into installing a legitimate government application and a remote access tool.

Leveraging screen sharing, the scammers guide the victim to upload their credit card photo and intercept incoming OTPs, enabling them to complete unauthorized online transactions using the stolen information.

RedLine Stealer, a prevalent malware, exploits vulnerabilities to infiltrate systems and targets sensitive data like passwords, cookies, and cryptocurrency wallets, often distributed through phishing and infected software. 

Its user-friendly interface and accessibility on underground forums empower both novice and experienced cybercriminals, posing a significant threat to individuals and organizations.

The sophisticated fraud scheme, likely orchestrated by organized criminal groups in the Middle East, targets victims through social engineering tactics, including impersonating government officials. 

By using remote access tools (RATs), attackers gain control of victims’ devices, intercepting One-Time Passwords (OTPs) to authorize fraudulent transactions, which include high-value purchases from online stores and e-wallet top-ups, facilitating rapid cash-out through mule accounts. 

Attackers use techniques such as VPNs and dedicated IP ranges to mask their origin. The scheme poses significant financial risk, with average losses per transaction exceeding US$1,300 and the potential for substantial individual losses.

The scheme leverages compromised government portals to obtain user data, enabling fraudsters to impersonate officials and socially engineer victims into divulging card details. 

To mitigate this, government agencies must enhance account security and implement robust account takeover (ATO) defenses: integrating threat intelligence, monitoring user behavior, and applying anti-fraud processes, including 3DS authentication with enhanced behavioral analysis.
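The sketch below is an added example, not code from Group-IB or the article. It shows how an issuer-side rule could combine the signals named above (VPN or dedicated-range IPs, e-wallet top-ups and online-store purchases, high amounts) so that a correct OTP alone does not approve a transaction. All field names, weights and thresholds are assumptions, and the sample transactions are constructed.

```python
from dataclasses import dataclass

# Assumed threshold: the article's reported average loss per transaction.
HIGH_VALUE_USD = 1300
# Assumed labels for the cash-out channels the article names.
CASHOUT_CATEGORIES = {"ewallet_topup", "online_store"}

@dataclass
class AuthRequest:
    """Hypothetical 3DS authentication request as seen by the issuer."""
    amount_usd: float
    merchant_category: str
    ip_is_vpn_or_hosting: bool   # from a threat-intelligence IP feed
    device_known_for_card: bool  # device previously used with this card
    otp_verified: bool           # cardholder OTP was entered correctly

def risk_score(req: AuthRequest) -> int:
    """Sum illustrative weights for each signal present (0-90)."""
    score = 0
    if req.ip_is_vpn_or_hosting:
        score += 30
    if not req.device_known_for_card:
        score += 25
    if req.merchant_category in CASHOUT_CATEGORIES:
        score += 15
    if req.amount_usd >= HIGH_VALUE_USD:
        score += 20
    return score

def decide(req: AuthRequest) -> str:
    """Return 'approve', 'step_up' or 'decline'.

    A valid OTP is necessary but not sufficient: in this scheme the OTP
    is read off the victim's shared screen, so it proves nothing about
    who initiated the payment.
    """
    if not req.otp_verified:
        return "decline"
    score = risk_score(req)
    if score >= 70:
        return "decline"
    if score >= 40:
        return "step_up"  # require an additional, non-OTP check
    return "approve"

# Constructed sample transactions.
ROUTINE = AuthRequest(45.0, "grocery", False, True, True)
SCAM_PATTERN = AuthRequest(1500.0, "ewallet_topup", True, False, True)
NEW_DEVICE = AuthRequest(200.0, "online_store", False, False, True)
```

In production the weights would be tuned against labelled fraud data rather than fixed by hand.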

According to Group-IB, users must prioritize digital hygiene, avoid sharing sensitive information, and be wary of unsolicited calls or requests for software installations.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
